State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
Securing Tomorrow's Grid (Part II)
Public-private collaboration to protect our infrastructure.
Intelligent systems and two-way communications are bringing a host of advancements to the utility industry, from time-of-use metering to faster outage detection and service restoration. But this smart grid also presents new cyber security challenges, as malicious actors and malware threaten customer privacy and grid operations.
The utility industry faces threats in several operational domains, such as transmission, distribution and home area networks (see “ Securing Tomorrow’s Grid (Part I) ”). Securing these domains to manage cyber threats requires close collaboration among a wide range of stakeholders—including utility companies, equipment and technology vendors, regulatory agencies, and researchers at national laboratories and universities.
These stakeholders already have made substantial progress toward characterizing and tracking cyber risks, and public-private partnerships are working to address these risks. As the industry develops and implements smart grid systems across multiple utility domains, continued commitment will be critical for mitigating immediate threats, while also planning for the long-term requirements of a modernized electric grid.
Public-Private Security Efforts
The release of the 2006 Roadmap to Secure Control Systems in the Energy Sector —facilitated jointly by the U.S. Department of Energy and the Department of Homeland Security—established a public-private partnership to enhance cyber security in the energy sector. The Roadmap provides a common vision and collective plan to improve cyber security over 10 years, through systems assessment, next-generation R&D, best practices, and outreach. Because the Roadmap was built on the collective insights of the control systems community—including owners and operators, commercial vendors, national laboratories, industry associations, and government agencies—it helped launch a host of projects and initiatives. A user-driven online tool, the interactive energy Roadmap 1 (ieRoadmap), is tracking the progress of more than 65 projects linked to specific Roadmap goals.
In 2010, industry began updating the Roadmap to address emerging smart grid cyber security considerations and the evolving technology and changing threat landscape of the energy sector. This update, the 2011 draft Roadmap to Achieve Energy Delivery Systems Cybersecurity ,2 outlines strategies and milestones that aim to enable industry and government to design, install, operate, and maintain resilient energy delivery systems that will survive a cyber incident while sustaining critical functions. Multiple government agencies and industry organizations are using the Roadmap to allocate resources and support a number of activities that directly align with the Roadmap goals (see sidebar, “Collaborating on Cyber Security”).
With $12 million of financial assistance through the American Recovery and