Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 7th, 2012 in Government Policy by Simply Security | Be the first to comment | Tags: Government Policy

The DOE's new cybersecurity self-evaluation tool will help utility providers determine their baseline threat protection capabilities.

As private-sector researchers and government officials continue to call for vital improvements in energy grid cybersecurity, the U.S. Department of Energy (DOE) has extended a lifeline to utility companies with the release of a new self-evaluation tool to help uncover vulnerabilities.

Last week, Energy Secretary Steven Chu reiterated the Obama administration's commitment to fostering cross-sector collaboration in protecting the nation's most critical assets. The latest educational resource provided to utility operators is part of a larger White House strategy to determine current baseline network defense capabilities within the industry.

"The new Cybersecurity Self-Evaluation Survey Tool for utilities is vitally important in today's environment where new cyberthreats continue to emerge," Chu stated. "Adoption by the electric sector will further protect critical infrastructure and, at the same time, provide an invaluable view of the industry's cybersecurity capabilities."

This new tool came as the product of a series of workshops which welcomed private-sector contributors to discuss their latest cybersecurity best practice insights. The broader Cybersecurity Capability Maturity Model into which the evaluation mechanism fits is being credited to the thoughtful collaboration of the Department of Homeland Security, Carnegie Mellon University and industry engineers.

After completing a questionnaire that objectively accounts for everything from situational awareness capabilities to threat response strategies, utilities will be provided with a comprehensive report detailing potential vulnerabilities and the specific set of best practices they should refer to.

"It is recommended that utilities then develop a prioritized plan of action for addressing gaps, conduct evaluations periodically to track their progress with improving their cybersecurity capabilities and consider additional evaluations when major changes occur in the business, technology or threat environments," DOE officials stated.

Arming utility providers with the intelligence they need to recognize and troubleshoot their own data security issues is as practical as it is necessary. As Energy Biz contributor Terry Boston recently noted, the U.S. electric grid effectively represents the largest machine in the world and is thus susceptible to routine failures or targeted attacks at any number of layers and locations.

With some of the nation's greatest energy intelligence resources, such as the Pacific Northwest National Laboratory and Oak Ridge National Laboratory, suffering intrusions of their own, the common utility provider could be facing a monumental challenge. And with the fate of the greater systems tied to so many separate entities, staffing all endpoints with informed administrators is essential for shared success.

Security News from SimplySecurity.com by Trend Micro