The Department of Energy (DOE), Washington, D.C., announced earlier this month that it’s launching an initiative to enhance cyber security on the electric grid. Led by the DOE’s Office of Electricity Delivery and Energy Reliability (OE), the National Institute of Standards and Technology, and the North American Electric Reliability Corporation, this initiative will be an open collaboration with representatives from across the public and private sectors to develop a cyber security risk management process guideline for the electric sector.
According to the DOE, traditional cyber security approaches for electric utilities are segmented, with different approaches for control systems and information systems, resulting in cyber security requirements that are overly restrictive in some cases and not restrictive enough in others. Industry experts believe a common approach is needed to address the unique cyber security risks that a nation-wide smart grid will pose. “Cyber security is vital to the development of a modern electric grid,” says OE Assistant Secretary Patricia Hoffman. “We recognize that each utility faces different risks. Now we need to provide them with standard, adaptable solutions to manage those risks.”
The leadership team has invited stakeholders from across the electric sector to participate, including representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and both publicly and privately owned utilities. The group will develop a risk management process guideline that gives utilities a flexible, fundamental way to manage cyber security risks through a three-tiered approach, addressing risks at the organization level, the mission/business process level, and the information system level. This process will allow a utility to better understand its risks, assess their severity, and allocate resources more efficiently to manage them. A draft guideline will be made available for public review and comment before it is finalized and issued.