Backup & Disaster Recovery IT Security Outsourced IT

Resilient Power Best Practices

What are Resilient Power Best Practices?

Cyberattackers have been increasingly targeting critical infrastructure, including the U.S. energy grid which is also vulnerable to physical incidents, such as attacks from terrorists or vandals, and existential threats, such as Electronic Magnetic Pulse (EMP) which are generated from geomagnetic solar flares.1 The Cybersecurity and Infrastructure Security Agency (CISA) leads a Resilient Power Working Group, consisting of members of the federal government, state and local governments, non-profits, and private industry, who have summarized best practice recommendations to help, “…executives, chief engineers, emergency preparedness and continuity planning personnel, cyber and physical security engineers, and telecommunications and information technology (IT) staff maintain power to critical infrastructure at key facilities based upon the organization’s risk management plan to preserve life, health, and societal well-being.”2

CISA identifies 16 critical infrastructure sectors:

• Chemical sector
• Commercial Facilities sector
• Communications sector
• Critical manufacturing sector
• Dams sector
• Defense industrial base sector
• Emergency services sector
• Energy sector
• Financial service sector
• Food & agriculture sector
• Government facilities sector
• Healthcare and public health sector
• Information technology sector
• Nuclear reactors, material, and waste sector
• Transportation systems sector
• Water & Wastewater systems sector

Even if your organization’s sector is not one that is identified as a critical infrastructure sector, following resilient power best practices can still help you to in your plans for maintaining power in the event of a disruption to the U.S. energy grid. The following power resilience levels are defined to help determine your organization’s requirements:

Level 1 Resilience. Incorporates cost effective best practices to maintain power to critical operations. Typically, expendable supplies, such as fuel, should be maintained for three days under “all hazards.”

Level 2 Resilience. Extends Level 1’s cost-effective practices to further improve power resiliency. Typically, expendable supplies, such as fuel, should be maintained for seven days under “all hazards.”

Level 3 Resilience. Implements additional measures beyond Level 2 to further improve power resiliency. Typically, expendable supplies, such as fuel, should be maintained for around 30 days under “all hazards.”

Level 4 Resilience. Power should be sustained with no unplanned downtime. Typically, this is limited to the most critical military/federal/National Essential Functions.

The Resilient Power Best Practices Fact Sheet provides design and process best practice highlights in the following categories: process, governance, and maintenance; backup generation sources, fuel, control systems and microgrids, renewable energy and energy storage, tele-communications, cybersecurity, physical security, and electromagnetic (EM) security.

1 Brooks, 2023, “3 Alarming Threats To The U.S. Energy Grid – Cyber, Physical, and Existential Events”

2 CISA, 2022, “Resilient Power Best Practices”