Incident Response For Small & Medium Sized Utilities Working Group

Invitation to EnergySec Workshop Series: Incident Response For Small & Medium Sized Utilities

What: Collaborative tailoring of Incident Response best practices to small and medium organization needs

Who: “EnergySec community”

How: RSVP to

Where: Online Conference & Email List

When: Throughout 2014

Incident Response is the idea that despite managing “normal days in normal ways”, “unexpected events” that require significant (but temporary) changes in equipment, operations, and procedures to resolve do happen and must be managed in predictable, structured ways. Good Incident Response attempts to plan for these interruptions of  “normal days” in a way that allows organizations to, through “preparation, identification, assessment, and reaction”, return to normal operations in the least disruptive, most efficient way possible.

When it comes to cybersecurity, this perspective is most frequently framed in terms of activities that dedicated security teams should engage in. Realistically, though, not only does effective incident response depend on an entire organization’s support but many critical organizations may not have either dedicated security teams or experience managing cybersecurity incidents.

To fill this gap, EnergySec coordinated a series of workshops to help identify, further develop, articulate, and then share approaches to cyber incident response tailored for those organizations without cybersecurity teams or with little experience managing modern incidents.

Participation was open to any interested party. Execution consisted of up to 8 online meetings and a mailing list which was created for both the duration of these meetings and beyond to assure that the process remains iterative and to provide an ongoing forum for this dialogue.

This effort utilized and complemented other products and initiatives (such as the NISTCSF, NERC CIP, etc.), but actively re-shaped the controls to more effectively assure coverage of and applicability to our community.

Look for a report in early 2015 on the workshop series and lessons small- and medium-sized utilities can use about this topic.

In the near future, Energysec will also be launching a number of other Workshop Series that will tie together, articulate, and share a comprehensive view of what cybersecurity means to small & medium sized utilities. These other groups will focus on topics such as Configuration & Control, Telemetry, Culture & Socialization, Outcome Development, Outsourcing, etc. Incident Response is only the start.

If you or someone you know has insight into any of these topics or is otherwise interested in assisting, please contact us at