News

DOE Launches New Power Sector Cybersecurity Initiative

The newest initiative to protect the nation’s power grid from cyber attacks is the “Electric Sector Cybersecurity Risk Management Maturity” project, led by the U.S. Department of Energy (DOE) and Department of Homeland Security (DHS). The project is expected to leverage the insight of private and public sector grid experts and build on existing cybersecurity measures and strategies.

“This effort will be focused on performance-based strategies and concrete steps to measure progress of cybersecurity in the electric sector,” said White House Cybersecurity Coordinator Howard A. Schmidt in a statement last week. “It is important to understand the sector’s strengths and remaining gaps across the grid to inform investment planning and research and development, and enhance our public-private partnership efforts.”

The initiative will essentially develop a “maturity model” to allow utility companies and grid operators to measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.

Last week, the White House, DOE, and DHS met with more than two dozen leaders from across the electricity sector, and over the next several months, the DOE will host a series of workshops with the private sector to draft a maturity model that can be used throughout the sector.

“More than a dozen electric utilities and grid operators are expected to participate in the pilot program to test the maturity model, assess its effectiveness and validate results,” the DOE said. “This public-private partnership and pilot program will help develop a risk management maturity model that is expected to be made available to the electric sector later this summer.”

Cyber threats to the nation’s electrical grid have become increasingly sophisticated and dynamic. The DOE in September released the Roadmap to Achieve Energy Delivery Systems Cybersecurity and a Cybersecurity Risk Management Process Guideline, documents that seek to establish frameworks and processes to help the electricity sector manage cybersecurity risk.

Source: DOE

SHARE this article