Department of Energy Sets Roadmap for Secure Infrastructure

The Roadmap to Achieve Energy Delivery Systems Cybersecurity is a new program recently released by the Department of Energy (DOE). The plan calls for the creation of a culture of security by officials and takes into consideration improved risk management practices that are occasionally reviewed and challenged.

The DOE feels that doing this ensures that security controls remain in place and are effective, even in the face of changes to the energy-delivery system and in response to emerging threats.

Also, the DOE cites the plan’s increased ability to effectively deal with cyber threats even when normal preventative measures fail to work. This includes implementing improved detection, remediation, recovery, and restoration programs by stakeholders to try and alleviate any impact the incident might have. They should also conduct analysis after the fact to try and learn from the attack.

Last, but not least, the roadmap calls for the commitment by the energy sector of the resources necessary to sustain current and future security improvements.

The roadmap, released September 2011 by the Energy Sector Control Systems Working Group, a private and public conglomeration of security experts, is an attempt to update the roadmap released in 2006 — and that takes into account the changing environment and increasing sophistication of the threats to cybersecurity in this day and age.

Some of the obstacles possibly hindering the roadmap from achieving its goals are:

  • A shortage of skilled engineers and craft workers to implement these security changes and maintain them once in place
  • A limited knowledge, understanding, and appreciation of the security risks that confront energy-delivery systems
  • The rapidly changing security risk landscape

Experts have long worried about threats to the U.S. energy delivery system, even to the point that President Obama has put in place a number of directives to help the private sector improve security in this area. Add to this estimates that utility companies will invest more than $21 billion by 2015 on cybersecurity, and it seems we are well on our way to ensuring that the world’s electrical grid is well protected.

For more information about The DOE’s Roadmap for Secure Infrastructure, visit:

http://energy.gov/sites/prod/files/Energy%20Delivery%20Systems%20Cybersecurity%20Roadmap_finalweb.pdf

and

http://www.informationweek.com/news/government/security/231601606