DOE issues guidance on electric grid cybersecurity

The Department of Energy (DOE) issued recommendations Monday for how the energy industry and its suppliers should build cybersecurity protections into power delivery systems.

The guidance lays out language that utilities and other should use in the procurement process to ensure that they’re buying the right products and features to keep the electric grid safe from cyber attacks, DOE said. It followed a 2009 guidance on cybersecurity that focused on power control systems.

ADVERTISEMENT
“The Energy Department is committed to building a stronger and more secure electric grid through partnerships with industry, state and local governments and other federal agencies,” Energy Secretary Ernest Moniz said in a Monday statement. “As we deploy advanced technologies to make the U.S. power grid more reliable and resilient, we must simultaneously advance cybersecurity protections.”

DOE touted the guidance as a product of a partnership with the private sector and the agency’s research laboratories.

“These efforts have produced tangible results, including this resource, which will enable organizations to use the principles in the new cybersecurity framework to address supply chain considerations,” said Michael Daniel, the White House’s cybersecurity coordinator.

While the Energy Department’s cybersecurity efforts have been under way for years, the overall issue of grid security has gotten a great deal of attention recently, especially after a sniper attack on a San Jose, Calif., power substation.

Last month, Sen. Ed Markey (D-Mass.) and Rep. Henry Waxman (D-Calif.) introduced a bill to give DOE’s Federal Energy Regulatory Commission a wide range of authority over grid security issues and regulations, including cybersecurity.