U.S. Energy Secretary Steven Chu has announced an initiative to further protect the electrical grid from cyber attacks. The âElectric Sector Cybersecurity Risk Management Maturityâ project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nationâs energy delivery system.
âThis initiative is another important step forward in improving the security of the nationâs energy infrastructure and ensuring that the countryâs electrical systems remain secure, reliable and resilient,â said Secretary Chu. âEstablishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the gridâs ability to respond to cybersecurity risks.â
âThis effort will be focused on performance-based strategies and concrete steps to measure progress of cybersecurity in the electric sector,â said White House Cybersecurity Coordinator Howard A. Schmidt. âIt is important to understand the sectorâs strengths and remaining gaps across the grid to inform investment planning and research and development, and enhance our public-private partnership efforts.â
This newest initiative will develop a âmaturity modelâ that allows utility companies and grid operators to measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, which rely on best practices to identify an organizationâs strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.
To launch the initiative, officials from the Energy Department, the White House and DHS met with more than two dozen senior leaders from across the electric sector. Over the next several months, the Department will host a series of workshops with the private sector to draft a maturity model that can be used throughout the electric sector.
More than a dozen electric utilities and grid operators are expected to participate in the pilot program to test the maturity model, assess its effectiveness and validate results. This public-private partnership and pilot program will help develop a risk management maturity model that is expected to be made available to the electric sector later this summer.
As cyber threats to the nationâs electrical grid become increasingly sophisticated and dynamic, the Department of Energy is continuing to work closely with DHS, other government agencies, and industry to reduce the risk of energy disruptions due to cyber incidents. For example, in September, the Department released both the Roadmap to Achieve Energy Delivery Systems Cybersecurity and a Cybersecurity Risk Management Process Guideline that establish frameworks and processes to help the electricity sector manage cybersecurity risk.