The Energy Department takes the security and reliability of our power grid very seriously. We work closely with our federal, state and industry partners around the clock to protect the nation’s energy infrastructure from all hazards, including cyber incidents. As this year’s National Cybersecurity Awareness Month and Energy Action Month draw to a close, I’d like to highlight several milestones from the past few months that speak to continued progress and our commitment to strengthen the cybersecurity of our energy infrastructure.
In August, the North American Electric Reliability Corporation (NERC) Board of Trustees approved NERC’s request to have its Electricity Sector Information Sharing and Analysis Center manage our Cybersecurity Risk Information Sharing Program (CRISP) for the electricity sector. We launched CRISP last year with our private sector partners to provide a near real-time capability critical for infrastructure owners and operators to voluntarily share cyber threat data, analyze that data, and receive mitigation measures. NERC’s decision marks the successful transition of a small DOE-funded pilot with five electric sector companies to an industry-managed and funded public-private partnership.
In September, we released a draft of the Energy Sector Cybersecurity Framework Implementation Guidance for public comment. This Guidance is intended to help energy sector stakeholders develop or align their existing cybersecurity risk management programs to meet the objectives of the NIST Cybersecurity Framework. In developing the draft Guidance, we collaborated with private sector stakeholders through the Electricity Subsector Coordinating Council and the Oil & Natural Gas Subsector Coordinating Council forums.
An article on cybersecurity for the grid in the October issue of The Electricity Journal by OE’s Carol Hawk and Akhlesh Kaushiva profiles four Smart Grid Investment Grant recipients that are advancing the state of the art of power grid security by designing cybersecurity into the foundation of the smart grid. The article also discusses how the Department and the energy sector are partnering to keep the smart grid reliable and secure. All Recovery Act-funded Smart Grid Investment Grant projects were required to develop cybersecurity plans that addressed how they would identify cybersecurity risks, how those risks would be mitigated, and how the processes would ensure that a sufficient cybersecurity posture is maintained.
Earlier this year, we released Cybersecurity Capability Maturity Models that help organizations in the electricity and oil and gas sectors evaluate, prioritize and improve their cybersecurity capabilities using a common set of industry practices that helps further strengthen their defenses. We also released Cybersecurity Procurement Language for Energy Delivery Systems guidance, which provides strategies and suggested language to help the U.S. energy sector and technology suppliers build in cybersecurity protections from the very beginning – during product design and manufacturing.
Since 2010, the Department has invested more than $150 million in cybersecurity research, development and commercialization projects led by industry, universities and national labs. All of our cybersecurity activities align with the vision and goals of the Roadmap to Achieve Energy Delivery Systems Cybersecurity, which was developed by industry and facilitated by the Department. The Roadmap provides a vision, strategic direction, and goals for public and private activities over the next 10 years to enhance the cybersecurity of the electric sector.
To learn more about the Department’s support of the Administration’s strategic and comprehensive approach to cybersecurity for the grid, visit the cybersecurity section of OE’s website.