The government is trying once again to whip the key players behind the country's electrical grid into a security force that can defend against mounting cyber threats.
The US Department of Energy today announced what it calls an "Electric Sector Cybersecurity Risk Management Maturity" project that will let utility companies and grid operators measure their current capabilities and analyze gaps in their cyber defenses. Maturity models, the DOE stated, rely on best practices to identify an organization's strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality.
More on power: 15 cool energy projects of 2011
The initiative, which will involve officials from the Energy Department, the White House, the Department of Homeland Security and key utility companies will over the next several months draft a maturity model that can be used throughout the electric sector.
More than a dozen electric utilities and grid operators are expected to participate in the pilot program to test the model, assess its effectiveness and validate results. This program will help develop a risk management maturity model that is expected to be made available to the electric sector later this summer, the DOE stated.
"Establishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the grid's ability to respond to cybersecurity risks." said U.S. Energy Secretary Steven Chu in a statement.
The move builds on other tactics the DOE and other government entities are developing to try to better protect the nation's vulnerable grid.
For example the DOE in September issued a roadmap that defined key challenges to building a secure energy infrastructure. In that report the DOE noted that Over the next five years, energy companies will face a critical shortage of engineers and skilled craft workers. For example, about 45% of engineers-7,000 in electric utilities alone-are predicted to retire or leave for other reasons. Compounding that, two to three times more power engineers may be needed to satisfy the needs of the entire economy and future operations will require broader skill sets than those prevalent today," the report states.
Keeping key people is just one of the many challenges to building what the DOE calls a culture of security. From the report:
In December my colleague Ellen Messmer noted that since the year 2000, the Department of Homeland Security (DHS) has encouraged states and cities to establish so-called "Fusion Centers" to operate under local control and collect information from the likes of power companies and water utilities about incidents that might have national-security implications. There are now 72 of these Fusion Centers in the U.S., which vary in their practices, according to DHS.
Those observations were from a Network World story that told of the controversy surrounding a reported cyber attack on an Illinois water plant. When one of those centers, the Illinois Statewide Terrorism and Intelligence Center (STIC), issued a brief report on Nov. 10 titled "Public Water District Cyber Intrusion," it led to a firestorm of controversy, putting what has been a secretive reporting system in the harsh glare of the public spotlight, and highlighting the intrinsic weakness in the way the U.S. critical-infrastructure incident reporting system works today.
It is these types of challenges facing the DOE and others involved with protecting critical infrastructures.
Layer 8 Extra
Check out these other hot stories: