DOE Recommends Three Levels for Cyber Utility Risk Management

July 25, 2012 | Filed under: Cyber | Posted by:

The Energy Department recently published a cybersecurity guidance report evaluating cybersecurity risk management and maturity readiness within the electricity industry, Fierce Government IT reports.

Molly Bernhart Walker writes the 92-page guide discussed 10 domains that the electricity sector should address regarding cybersecurity, separated by three levels.

At the first level, DOE recommends utilities identify cybersecurity risks and whether the risks are mitigated, accepted, tolerated or transferred.

The second level advises industry to document, analyze and monitor risks and create a network architecture for supporting risk analysis. 

For level three, the department says utilities should create and operate risk management program and policy, create a cybersecurity architecture based on the analyzed risks and use a structured repository of identified risks.

Seventeen utilities are currently piloting the three-level guidance model, Walker reports.

The Government Accountability Office recently evaluated how the electricity industry applies both mandatory and voluntary cyber guidelines to protecting grid infrastructure.

Related posts:

  1. DOE Kicks Off Cyber Initiative with NIST to Protect Power Grid
  2. British Ministry of Defense at Risk for Cyber Attack
  3. Lockheed Martin Launches Cybersecurity Software for Utility, Energy Sectors
  4. CACI’s Paul Cofoni Sees Cyber Threat on Three Levels
  5. DOE may be at risk for cyber attack

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>