Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
The US Energy and Homeland Security departments will team up to assess information security weakness in the nation's power grid.
The Electric Sector Cybersecurity Risk Management Maturity project is a federal program to find and contain gaps in the cyber security defenses protecting the nation's electric grid.
The program originated from a proposal from the White House.
Establishing a comprehensive cyber security approach will give utility companies and grid operators another important tool to improve the grid's ability to respond to cybersecurity risks,” Energy Secretary Steven Chu said.
The US-based National Electric Sector Cybersecurity Organisation CEO, Patrick Miller, said the Department of Energy (DOE) is the right choice to assess how the grid will behave, should there be an attack.
But the major issue asset owners still face is whom to contact for response when an attack occurs.
The DOE has limited regulatory authority and is more focused on research, he says.
Currently, the Federal Energy Regulatory Commission oversees the majority of system security standards, while the Department of Homeland Security (DHS), DOE and National Security Agency also have oversight responsibilities.
In addition to the federal agencies with enforcement and reporting responsibilities, Miller said states also exert cyber security responsibility over infrastructure operations, including the power grid.
Fusion centers, facilities funded by the DHS and manned by both state and federal emergency response officials but ultimately managed by the states, also have jurisdiction if attacks are made on infrastructure assets, he said.
Miller said the DOE initiative is a good first or second step in determining how to protect the power grid, but a critical issue that has yet to be addressed is response.
“If an (infrastructure) owner is under attack, who do you call?” he said.
The DOE plans to hold a series of workshops with the private sector representatives over the coming months to draft the maturity model.
More than a dozen electric utilities and grid operators are expected to participate in the pilot project, the DOE said.
The announcement follows the release of a report from the Massachusetts Institute of Technology that suggests that the US power grid could not be fully protected from cyber attacks and recommended that a single federal agency be put in charge for all cyber security.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.