Energy Department to analyze power grid cyber threats

Share this article:
U.S. Energy Secretary Steven Chu has unveiled an initiative that seeks to further protect the power grid from cyber attacks.

The Electric Sector Cybersecurity Risk Management Maturity project, a federal program to find and contain gaps in the cyber security defenses protecting the nation's electric grid, will be headed by the Department of Energy (DOE), with assistance from the Department of Homeland Security (DHS) and the private sector. The program originated from a proposal from the White House.

“Establishing a comprehensive cyber security approach will give utility companies and grid operators another important tool to improve the grid's ability to respond to cybersecurity risks,” Chu said in news release last week.

Patrick Miller, president and CEO of the National Electric Sector Cybersecurity Organization, a nonprofit that supports organizations operating within the energy sector, said the DOE is the right choice to assess how the grid will behave, should there be an attack.

But the major issue asset owners still face is whom to contact for response when an attack occurs.

The DOE has limited regulatory authority and is more focused on research, he says. Currently, the Federal Energy Regulatory Commission (FERC) oversees the majority of system security standards, while the DHS, DOE and National Security Agency (NSA) also have oversight responsibilities.

In addition to the federal agencies with enforcement and reporting responsibilities, Miller said states also exert cyber security responsibility over infrastructure operations, including the power grid. Fusion centers, facilities funded by the DHS and manned by both state and federal emergency response officials but ultimately managed by the states, also have jurisdiction if attacks are made on infrastructure assets, he said.

Miller said the DOE initiative is a good first or second step in determining how to protect the power grid, but a critical issue that has yet to be addressed is response. “If an (infrastructure) owner is under attack, who do you call?” he asked.

The DOE plans to hold a series of workshops with the private sector representatives over the coming months to draft the maturity model. More than a dozen electric utilities and grid operators are expected to participate in the pilot project, the DOE said.

The announcement follows  the release of a report from the Massachusetts Institute of Technology (MIT) that suggests that the U.S. power grid could not be fully protected from cyber attacks and recommended that a single federal agency be put in charge for all cyber security.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.