Crossroads Blog | CYBER SECURITY LAW AND POLICY

Official Policy, regulation

Department Of Energy Releases Cybersecurity Roadmap

I missed this when it first came out, but better late than never. 

In a September 15th, 2011 press release, the US Department of Energy announced the release of its 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity. The DOE billed the report as the outline for "a strategic framework over the next decade among industry, vendors, academia and government stakeholders to design, install, operate, and maintain a resilient energy delivery system capable of surviving a cyber incident while sustaining critical functions."

DOE Secretary Steven Chu said that “Increased insight from private-public collaborations will allow us to better protect the nation’s energy delivery systems that keep our lights on and the power flowing . . . The 2011 Roadmap takes the necessary steps to strengthen the security and reliability of our country’s electric grid, in a climate of increasingly sophisticated cyber incidents.”

Finally, White House Cybersecurity Coordinator Howard A. Schmidt had this to say: “This update marks a continued effort by public and private energy sector stakeholders to reduce cyber vulnerabilities that could disrupt the nation's ability to deliver power and energy . . . It extends the commitment of industry and government to work in partnership to develop, deploy, and maintain resilient energy delivery systems that sustain the essential energy services our national security, safety, and economy depend upon.”

The Roadmap outlines five strategies to strengthen cybersecurity in US critical infrastructure:

  • Build a Culture of Security. 
  • Assess and Monitor Risk. 
  • Develop and Implement New Protective Measures to Reduce Risk.
  • Manage Incidents.
  • Sustain Security Improvements.

The report can be found here.

The press release can be found here.

***

I haven't had a chance to read the report, but Molly Walker summarized some of its key points for FierceGovernmentIT.

Specifically, Walker quoted the report as saying that "regulatory uncertainty caused by changing and new regulations can introduce risk for private sector cybersecurity investments."  In effect, the uncertainty from these changing regulations has caused utility companies to "adopt a culture of compliance rather than comprehensive and effective cybersecurity." 

Furthermore, the report calls for improved information sharing between the government and private sector.  This improved information sharing should "establish a legal framework to enable effective information sharing between industry, government and academia."

Interestingly, the Roadmap references NSTIC as an essential strategy for implementation.

The FierceGovernmentIT article can be found here.
