U.S. DOE launches initiative with Dept. of Homeland Security to better protect national electric grid from cyber threats; project to develop 'maturity model' to help utility companies, grid operators gauge capabilities, gaps in defense
January 5, 2012
– As part of the Obama Administration’s efforts to enhance the security and reliability of the nation’s electrical grid, U.S. Energy Secretary Steven Chu today announced an initiative to further protect the electrical grid from cyber attacks. The “Electric Sector Cybersecurity Risk Management Maturity” project, a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS), will leverage the insight of private industry and public sector experts to build on existing cybersecurity measures and strategies to create a more comprehensive and consistent approach to protecting the nation’s energy delivery system.
“This initiative is another important step forward in improving the security of the Nation’s energy infrastructure and ensuring that the country’s electrical systems remain secure, reliable and resilient,” said Secretary Chu. “Establishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the grid’s ability to respond to cybersecurity risks.”
“This effort will be focused on performance-based strategies and concrete steps to measure progress of cybersecurity in the electric sector,” said White House Cybersecurity Coordinator Howard A. Schmidt. “It is important to understand the sector’s strengths and remaining gaps across the grid to inform investment planning and research and development, and enhance our public-private partnership efforts.”
This newest initiative, which will build on existing cybersecurity efforts by the Obama Administration and industry, will develop a “maturity model” that allows utility companies and grid operators to measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.
To launch the initiative, officials from the Energy Department, the White House and DHS met earlier today with more than two dozen senior leaders from across the electric sector. Over the next several months, the Department will host a series of workshops with the private sector to draft a maturity model that can be used throughout the electric sector.
More than a dozen electric utilities and grid operators are expected to participate in the pilot program to test the maturity model, assess its effectiveness and validate results. This public-private partnership and pilot program will help develop a risk management maturity model that is expected to be made available to the electric sector later this summer.
As cyber threats to the nation’s electrical grid become increasingly sophisticated and dynamic, the Department of Energy is continuing to work closely with DHS, other government agencies, and industry to reduce the risk of energy disruptions due to cyber incidents. For example, in September, the Department released both the Roadmap to Achieve Energy Delivery Systems Cybersecurity and a Cybersecurity Risk Management Process Guideline that establish frameworks and processes to help the electricity sector manage cybersecurity risk. The initiative launched today builds on these existing efforts by taking a more tactical approach that works well for the entire electric sector.
For more information about the Department's efforts to strengthen cybersecurity for energy systems and activities to modernize the electric grid, visit the Office of Electricity Delivery and Energy Reliability's website.