A cyber incident 1 is an inescapable event for any company. Attackers take the path of least-resistance and different attackers have different purposes. Protect Our Power is focused on Best Practices to prevent attackers from damaging 2 the grid that supplies power to end-customers. Incident Response protocols outline a set of actions a victim should take when an attack has been discovered, and the response depends on the specifics of the attack. Without guidance and shared experiences, however, utilities may take uninformed or even ill-advised actions. For example, a common response to a virus or malware may be to simply unplug all infested computers – but that may be the worst thing a defender can do. Other responses may be to simply re-boot all computers or take other actions that might initially seem logical but, in fact are not. By surfacing Best Practices in this area, defenders will have a set of information and resources that they can rely on for guiding their response to an incident.

1 A cyber incident is any malicious act or suspicious event that: compromises, or was an attempt to compromise, the Electronic Security Perimeter or Physical Security Perimeter of a Critical Cyber Asset, or, disrupts, or was an attempt to disrupt, the operation of a Critical Cyber Asset.

2 Some attackers want to steal data or information, others want to extract a ransom for decrypting data they have maliciously encrypted, and still others just want to illegally test their skills, with more aggressive purposes likely in mind for the future.

Educational Institution Connections:

Protect Our Power is seeking an Educational Institution to develop information within this Topic for use by North American Electric Utilities. Contact Erick Ford at for more information or to recommend an Educational Institution.