RC3 CYBERSECURITY SELF-ASSESSMENT - Available In Online And Hardcopy Versions
The RC3 Self-Assessment tool, developed by NRECA, will help cooperatives understand their cybersecurity posture. Results of the self-assessment can be used by the cooperative to prioritize mitigation actions and develop a cybersecurity action plan for their organization.
Please note: The RC3
Cybersecurity Self-Assessment can be conducted in a virtual environment through
a coordinated web conference and does not require participants to assemble at
the same location.
ONLINE VERSION:
NRECA worked with Axio Global, Inc., to host the RC3 Cybersecurity Self-Assessment on the Axio360 platform. This version provides more features not feasible in the hardcopy version.
Through NRECA's National Discount Program, members can now receive discounted access to this RC3 Online Cybersecurity Self-Assessment. For more information and to schedule a demo, please contact: nreca_ndp@axio.com
NRECA and Axio provide a number of training webinars and materials related to the Online Version, to assist members in accessing the platform and successfully conducting the online self-assessment.
Training and Materials For the Online Version
HARDCOPY VERSION (2018 TOOLKIT):
The hardcopy version was developed by NRECA's RC3 Program in 2018 as a Do-It-Yourself (DIY) Toolkit intended to be a starting point for cooperatives in the beginning or early stages of developing a cybersecurity program. It is available to members free of charge:
[button title="Request%20to%20download%202018%20Toolkit" link="https%3A%2F%2Fwww.cooperative.com%2Fprograms-services%2Fbts%2FPages%2FSecure%2FSelf-Assessment-DIY-Toolkit.aspx" /]
[accordions]
[accordion title="Read%20more"]
The goal of the RC3 Self-Assessment DIY Toolkit is to help cooperatives assess their current cybersecurity posture, identify areas for improvement, and use those insights to develop and implement a cybersecurity action plan. The Self-Assessment can assist cooperatives in the discovery of cyber vulnerabilities, understanding ways to improve the security controls needed when working with cybersecurity vendors, and defining ways to train staff. This toolkit is specifically designed for cooperatives with few, or no, information technology (IT) staff. The target audience for the RC3 Self-Assessment DIY Toolkit is the cooperative's leadership team. The majority of questions in the Self-Assessment are not focused specifically on technical IT capabilities. Toolkit Contents Include:
-
2018 Reducing Risk in Cybersecurity: An RC3 Guide for Electric Cooperatives - Version 1.0
-
2018 RC3 Cybersecurity Self-Assessment Template - Version 1.0
-
2018 RC3 Cybersecurity Self-Assessment Scoring Worksheet - Version 1.0
-
Train the Trainer Manual, to provide guidance for co-ops to facilitate their self-assessment process (Scheduled to be released in early 2020).
This material is based upon work supported by the Department of Energy National Technology Laboratory under Award Number: DE-OE0000807.
[/accordion]
[/accordions]
CYBERSECURITY RISK MITIGATION GUIDE
(RMG) (2014)
The purpose of the 2014 RMG is to provide electric cooperatives with guidance to improve their general security posture, as well as specific guidance to integrate cybersecurity practices into the aquisition, integration, deployment, and maintenance of smart grid components and technologies. The focus is on cybersecurity controls that a cooperative can implement to meet the security challenges introduced by the smart grid. The intended primary users of the RMG are electric cooperatives' information technology (IT) staff and leadership teams.
[button title="Request%20to%20download%202014%20RMG" link="%2Fprograms-services%2Fbts%2FPages%2FSecure%2FRisk-Mitigation-Guide%2FRisk-Mitigation-Guide-Download.aspx" /]
[accordions]
[accordion title="View%20contents%20of%20the%202014%20Risk%20Mitigation%20Guide"]
The RMG toolkit was developed and published as part of the NRECA-DOE Smart Grid Demonstration Project and includes several documents:
- 2010 The Interoperability and Cybersecurity Plan (ICSP)
- 2010 Security Questions for Smart Grid Vendors
- 2014 Guide to Developing a Cyber Security and Risk Mitigation Plan
- 2014 Cyber Security Plan Template
- 2014 Cyber Security Plan Template – Sample Data
- 2014 Cybersecurity Risk Mitigation Checklist
- 2014 Cybersecurity Template Scoring Worksheet
- 2014 Cybersecurity Template Scoring Worksheet – Sample Data
This material is based upon work supported by the Department of Energy National Technology Laboratory under Award Number: DE-OE0000222.
[/accordion]
[/accordions]
BACKGROUND INFORMATION: THE EVOLUTION OF NRECA'S SELF-ASSESSMENT TOOLS FOR COOPERATIVES
NRECA's cybersecurity resources have developed over time to address our changing industry and to incorporate new guidance and cybersecurity practices from the United States Department of Energy (DOE) and the National Institute of Standards and Technology (NIST).
[accordions]
[accordion title="Read%20more"]
In 2011, through the U.S. Department of Energy (DOE) American Recovery and Reinvestment Act (ARRA), NRECA worked with cooperatives to develop a Risk Mitigation Guide (RMG) to provide cybersecurity guidance to co-ops in the process of implementing integrated smart grid technologies. Later that year, the DOE released the Cybersecurity Capability Maturity Model (C2M2), a tool built through a public-private partnership program “to improve the electric subsector cybersecurity capabilities, and to understand the cybersecurity posture of the grid.”
NRECA updated our Risk Mitigation Guide to integrate new information from the C2M2 and released the 2014 Risk Mitigation Guide to integrate elements of C2M2, while making the cybersecurity plans more applicable to electric cooperatives. This Guide is available below for cooperatives.
Today, through the U.S. DOE-funded Rural Cooperative Cybersecurity Capabilities Program (RC3), NRECA developed a Self-Assessment Do-It-Yourself Toolkit to meet the unique needs of small- to mid-sized cooperatives. The RC3 Self-Assessment incorporates information from the NIST
Small Business Information Security: The Fundamentals, Rev. 1 (NISTIR 7621, 2016). This Toolkit is available in hardcopy via this website for cooperatives.
In 2019, NRECA debuted the online version of the RC3 Self-Assessment. NRECA worked with Axio Global, Inc. to host the RC3 Self-Assessment on their Axio360 platform. The online version includes features not feasible in the hardcopy version. NRECA is currently accepting applicaitons from cooperatives for a multi-year group license for free access to the online platform. Details are available above on this webiste page.
The 2014 RMG and 2018 Self-Assessment Toolkits are not mutually exclusive. Both can be used to benefit cooperatives in their continued efforts to improve their cybersecurity capabilities. The 2014 RMG is designed to help cooperatives improve the cybersecurity of the smart grid technologies they have integrated into their systems. The 2018 Self-Assessment Toolkit is designed for cooperatives that are just starting or are early in the development of their cybersecurity program.
If you have any additional questions on which tool is more appropriate for your cooperatives, please contact our RC3 team at: CybersecurityRC3@nreca.coop.
[/accordion]
[/accordions]
Related Resources
NRECA has produced a series of advisories to share insights from cooperatives who have used the RC3 Self-Assessment:
For questions or any problems in downloading the files, please contact:
To stay informed of new developments in cybersecurity resources and other offerings from NRECA's Business and Technology Strategies department,
sign up for our twice-monthly newsletter.