DoE unveils roadmap for making the power grid resistant to cyber threats


A new report identifies steps to plan, implement and maintain a resilient infrastructure for the electric, oil and natural gas industries in the face of cyber threats. The roadmap, written by the Energy Sector Control Systems Working Group, a public-private partnership, and published on the Energy Department website Sept. 19, aims to build a power grid to withstand a cyberattack without interruption of critical functions by 2020.

While many energy security standards originate from government, particularly from the Federal Energy Regulatory Commission, regulation can also present challenges, say report authors.

"Regulatory uncertainty caused by changing and new regulations can introduce risk for private sector cybersecurity investments," finds the report. Utility companies have adopted a culture of compliance rather than "comprehensive and effective cybersecurity."

The roadmap does note that the Guidelines for Smart Grid Cyber Security (NIST-IR 7628) and a forthcoming implementation of the National Strategy for Trusted Identities in Cyberspace will provide essential strategies for energy delivery system security.

The government could be providing more support toward energy sector cybersecurity efforts by improving information sharing. As part of the roadmap the working group hopes to "enhance environments for securely sharing collected government information on threats and real-world attacks with asset owners and vendors" and "establish legal framework to enable effective information sharing between industry, government and academia."

Government-funded research and scientists at federal laboratories could also be doing more to explore long-term solutions and develop tools to assist industry, notes the report.

The 10-year road map lays out voluntary, shared strategies for security and provides an update from the group's 2006 road map. The report focuses on new threats, such as the Stuxnet worm and looks at the energy sector more broadly by including industrial control systems, mobility issues and smart metering.

For more:
- see the road map (.pdf)

Related Articles:
DOE: Interagency collaboration underway on smart grid security 
NIST: More research needed for smart grid cybersecurity