DoE urges utilities to develop cyber security governance board
SUBNET Solutions Inc | Monday, August 13, 2012
The Department of Energy (DoE) has called on the nation's power companies to make cyber security their highest priority and to establish a "cyber security governance board" that would oversee an internal cyber security program working closely with the DoE, Network World reports.
Any utilities that participate in the program would be required to share sensitive information about vulnerabilities or attacks, and in turn, the government would share whatever data it collects anonymously from a wide range of sources. This program would be a part of the DoE's proposed Electricity Subsector Cyber Security Capability Maturity Model, Version 1.0, which was developed through the efforts of dozens of U.S. government representatives and industry leaders.
The document states that utilities should appoint a senior executive for cyber security, who would also be a member of the company's board.
"Senior management doesn’t have a very good understanding of their security posture," said Andy Bochman, IBM’s Energy Sector Leader in the IBM Security Systems Division.
Although the majority of businesses today have a chief information security officer (CISO) or a chief security officer (CSO), many utilities have yet to adopt such titles, Bochman added. But as the smart grid continues to evolve, and more interactive information gathering techniques and data management systems develop, the role of CISO or CSO will be more important than ever, according to the media outlet.
Such officials should act as a vice president who can report to the CEO or board of directors, rather than to the chief information officer.
This idea lies at the heart of the draft document, which is supported by Bochman as well as several industry leaders, including representatives from Carnegie Mellon University Software Engineering Institute – CERT program, Duke Energy, American Electric Power, the Department of Defense, Southern California Edison and others.
The government is actively working to control the threat of cyber attacks, and when the recent Cyber Security Act of 2012 failed to make it through the Senate, the White House stated it was looking at several options, including an executive order, eWeek reports.
SUBNET's products help utilities meet the NERC CIP standards that have been written and are strictly enforced, helping to increase grid security as smart grid deployments grow in scale and numbers.