U.S. releases smart grid cybersecurity strategy

Published 19 September 2011

Last week the U.S. Department of Energy released its strategic framework for its plan to install and secure the nation’s electrical grid system over the next decade.

The report, titled the 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity, outlines a plan to coordinate efforts by the government and the private sector to begin designing and implementing an electrical grid that is capable of withstanding a cyberattack.

“Increased insight from private-public collaborations will allow us to better protect the nation’s energy delivery systems that keep our lights on and the power flowing,” said U.S. Energy Secretary Steven Chu. “The 2011 Roadmap takes the necessary steps to strengthen the security and reliability of our country’s electric grid, in a climate of increasingly sophisticated cyber incidents.”

The 2011 report drew heavily on industry recommendations and includes five key strategies:

  • Build a Culture of Security. When integrated with reliability practices, a culture of security ensures sound risk management practices are periodically reviewed and challenged to confirm that established security controls remain in place and changes in the energy delivery system or emerging threats do not diminish their effectiveness.
  • Assess and Monitor Risk. Assessing and monitoring risk gives companies a thorough understanding of their current security posture, enabling them to continually assess evolving cyber threats and vulnerabilities, their risks, and responses to those risks.
  • Develop and Implement New Protective Measures to Reduce Risk. In this strategy, new protective measures are developed and implemented to reduce system risks to an acceptable level as security risks—including vulnerabilities and emerging threats—are identified or anticipated. These security solutions are built into next-generation energy delivery systems, and appropriate solutions are devised for legacy systems.
  • Manage Incidents. When proactive and protective measures fail to prevent a cyber incident, detection, remediation, recovery, and restoration activities minimize the impact of an incident on an energy delivery system. Post-incident analysis and forensics enable energy sector stakeholders to learn from the incident.
  • Sustain Security Improvements. Sustaining aggressive and proactive energy delivery systems security improvements over the long term requires a strong and enduring commitment of resources, clear incentives, and close collaboration among stakeholders. Energy sector collaboration provides the resources and incentives required for facilitating and increasing sector resilience.