The White House has launched a new initiative designed to help companies in the electric power industry measure the maturity of their security programs against a new maturity model. The program is being run in tandem with the Department of Homeland Security and Department of Energy and is meant to help the utility companies find their weak spots and where they need to improve.
The Electric Sector Cybersecurity Risk Maturity Model Pilot is the first such program launched by the White House, which has been pointing to information security–and specifically the security of systems running utilities and critical infrastructure–as a priority since the beginning of the Obama administration. The administration has developed a number of strategies and policy documents in the last few years, but this is the first foray into the kind of maturity model that typically is seen in private industry.
The White House, DHS and Energy launched the initiative last week with a meeting of government officials and executives from electric companies to discuss the main problems facing the industry when it comes to information security.
“This initiative — the Electric Sector Cybersecurity Risk Maturity Model Pilot — is a new White House initiative led by the Department of Energy, in collaboration with the Department of Homeland Security, to develop a model to help us identify how secure the electric grid is from cyber threats and test that model with participating utilities. Gaining knowledge about strengths and remaining gaps across the grid will better inform investment planning and research and development, and enhance our public-private partnership efforts,” Howard Schmidt, the White House cybersecurity coordinator, said in a blog post.
” I was encouraged to see an impressive number of electric sector leaders participating and sharing their views with us. Their high level of interest in this new effort reaffirmed for me that these stakeholders share our desire to better understand the strengths and remaining gaps across the sector, so that together we can continue to take concrete steps to protect the electric grid from cyber threats.”
There are expected to be more than a dozen electric companies involved in the pilot program, but it’s not exactly clear of what the maturity model will consist. Typical maturity models in the security industry, such as the BSIMM software security model, involve studying the way that organizations with mature programs behave and operate and then allowing other organizations to measure themselves against those activities. Part of the new electric industry program will likely involve identifying companies that have mature security programs in place.
“This initiative is another important step forward in improving the security of the Nation’s energy infrastructure and ensuring that the country’s electrical systems remain secure, reliable and resilient,” said Steven Chu, secretary of Energy. “Establishing a comprehensive cybersecurity approach will give utility companies and grid operators another important tool to improve the grid’s ability to respond to cybersecurity risks.”
