Article by Boris Segalis
On February 1, 2011, the Department of Energy announced the launch of the Cyber Security Initiative to develop cyber security risk management process guidelines for the electric grid.
The Department’s Office of Electricity Delivery and Energy Reliability will lead the effort in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation.
The core team has invited stakeholders from across the utility sector to participate in the initiative, including representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and both publicly and privately-owned utilities.
The proposed guidelines will seek to provide utilities a flexible, fundamental approach to managing cyber security risks through a three-tiered approach, addressing risks at the
- (i) organization level;
- (ii) business process level; and
- (iii) information systems level.
The guidelines will allow utilities to better understand cyber security risks, assess their severity, and allocate resources to more efficiently manage the risks.
The initiative will produce a draft guideline document that will be available for public review and comment, and then finalized and issued by the group.
Cross-posted from InfoLawGroup