DoE Initiative Releases Cybersecurity Baseline For Electric Distribution Systems And DER Companies

On Thursday, as part of a Department of Energy-funded initiative, the National Association of Regulatory Utility Commissioners (NARUC) released voluntary cybersecurity baselines for electric distribution systems and distributed energy resources (DER) companies.

According to the press release, the electric distribution systems and DER industries are fast-growing. Because regulatory authority for them sits at the state level rather than with the Federal Energy Regulatory Commission, which enforces mandatory cybersecurity compliance for the U.S. grid, cybersecurity regulation can vary widely among states, and the guidance is necessary to provide uniform requirements.

This initiative is divided into two phases:

  1. Cybersecurity Baselines define the cybersecurity controls that should be implemented, without specifying which procedures or technologies to use, as a framework for regulatory bodies and distribution utilities to develop their own cybersecurity requirements in conjunction with Phase 2 implementation strategies.
  2. Implementation Strategies and Adoption Guidelines to support electric distribution system stakeholders as they continue to develop and refine their cybersecurity requirements, including recommendations for assessing cybersecurity risks, prioritizing the assets to which the cybersecurity baselines might apply, and prioritizing the order in which the baselines might be implemented based on cyber risk assessments.

The guidance is also part of the national cybersecurity strategy, which directs DOE to promote cybersecurity resilience in the grid transition. DOE has other efforts aimed at securing the transition, such as the Clean Energy Cybersecurity Accelerator and the Energy Cyber Sense vulnerability testing program for grid equipment.

Mark B. Cooper, President & Founder, PKI Solutions, had this to say:

   “The evolving threats facing critical infrastructure, especially electric distribution systems, continue to increase while there’s a lack of proper tools that increase resilience. Regardless of the implementation of effective technologies, the mindset needs to shift to a more proactive strategy that includes real-time monitoring to identify misconfigurations so that remediations can be performed before they become security threats.

   “A resilient energy grid relies on foundational cryptography systems like PKI, but historically these systems have had challenges. It’s good to see the DOE’s initiative offering a framework for these stakeholders to defend against cyber threats and promote cyber-resilience with a uniform approach, but success of the program will be dependent on implementation of enhanced identity management and encryption standards and tools in order to defend against unauthorized access and threats in the energy sector.”

Emily Phelps, VP, Cyware follows with this:

   “This effort to create cybersecurity clarity and consistency is a positive step towards defending our critical infrastructure. We aim for resilience of critical energy infrastructure, and these baselines provide organizations within the energy sector a good framework to enhance their cybersecurity measures, align with industry standards, and collaboratively address the challenges posed by the evolving cyber threat landscape.”

This is a good move, as it brings organizations into line, which means they are more likely to be prepared for a cyberattack and, better yet, better able to defend against it.
