The Energy Department recently published a cybersecurity guidance report evaluating cybersecurity risk management and maturity readiness within the electricity industry, Fierce Government IT reports.
Molly Bernhart Walker writes the 92-page guide discussed 10 domains that the electricity sector should address regarding cybersecurity, separated by three levels.
At the first level, DOE recommends utilities identify cybersecurity risks and whether the risks are mitigated, accepted, tolerated or transferred.
The second level advises industry to document, analyze and monitor risks and create a network architecture for supporting risk analysis.
For level three, the department says utilities should create and operate risk management program and policy, create a cybersecurity architecture based on the analyzed risks and use a structured repository of identified risks.
Seventeen utilities are currently piloting the three-level guidance model, Walker reports.
The Government Accountability Office recently evaluated how the electricity industry applies both mandatory and voluntary cyber guidelines to protecting grid infrastructure.