The Department of Energy (DOE) has announced a collaborative grid cyber security initiative with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC). Led by the DOE’s Office of Electric Delivery and Energy Reliability, the effort will also collaborate with public and private sector representatives including the NIST Smart Grid Interoperability Panel’s Cyber Security Working Group (CSWG) and the Federal Energy Regulatory Commission (FERC).

This announcement comes shortly after the FERC held a Technical Conference to determine if the smart grid interoperability standards developed by NIST were ready for adoption. The panelists unanimously stated that there was not ‘sufficient consensus’ for FERC adoption, and one of the reasons given was inadequate assessment of cyber security impacts and the lack of cyber security experts involved in the standards making process. Further, the DOE recently released an Audit Report on FERC’s monitoring of grid cyber security that found that FERC approved cyber security standards and general FERC oversight of these guidelines were inadequate.
According to the press release issued by DOE, this new group will formulate “a risk management process guideline that provides utilities a flexible, fundamental approach to managing cyber security risks through a three-tiered approach, addressing risks at the (i) organization level; (ii) mission/ business process level; and (iii) information system level.” It expects this guideline will provide utilities more information about potential risks in their systems and how best to address them. For more information, contact the UTC Legal/Regulatory Department.