Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, Section 2(e): Assessment of Electricity Disruption Incident Response Capabilities [open pdf - 990KB]
"Cyberattacks and intrusions targeting U.S. electric utilities have been reported, though no lasting damage--physical, cyber-physical, or otherwise--has been observed. Without precedent, it is very difficult to predict the impacts to the country of a prolonged power outage from a significant cyber incident, which remains a significant gap for the intelligence community, industry, and subject matter experts. Mitigating this gap will require detailed knowledge of the capabilities of the adversary, the real-time technical conditions of the grid and electricity markets, the behavioral responses of the operators of multiple systems and their customers, as well as tens if not hundreds of additional variables. In both government and private industry, U.S. electricity subsector stakeholders perform regular assessments, exercises, and information sharing and coordination plans of general and specific responses to significant cyber incidents. As part of this overall coordinated effort, Executive Order 13800 on 'Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure' called for an Assessment of Electricity Disruption Incident Response Capabilities. The terms 'electric grid', 'the grid', and 'electricity system' are used interchangeably throughout this report. Presidential Policy Directive 41 defines a significant cyber incident as a cyber incident that is (or group of related cyber incidents) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people."
Department of Energy: https://www.energy.gov/