The Electricity Subsector Cybersecurity Capability Maturity Model, which allows electric utilities and grid operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity, combines elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry. The Maturity Model was developed as part of a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS) and involved close collaboration with industry, other Federal agencies, and other stakeholders.
The Department of Energy has a long history of working closely with Federal partners, including DHS, on cybersecurity of the North American electric grid. The Department recently released the Electricity Subsector Cybersecurity Risk Management Process (RMP) Guideline which helps utilities better understand their cybersecurity risks, assess severity, and allocate resources more efficiently to manage those risks. All of these activities align with the Roadmap to Achieve Energy Delivery Systems Cybersecurity, which was released in September 2011 by DOE and outlines a strategic framework over the next decade to design, install, operate, and maintain a resilient energy delivery system capable of surviving cyber incidents while sustaining critical functions.
The Electricity Subsector Cybersecurity Capability Maturity Model is now available for downloading.