The stakes were demonstrated in the sweltering summer of 2003, when a blackout powered down the Northeast United States, leaving about 45 million Americans without electricity.
And that was an accident.
As electric and power companies make increasing gains in modernizing the electric grid, fears of a hacker sabotaging part of the nation’s power supply have only grown.
After an unfavorable report from the Government Accountability Office found troubling areas of concern in how the National Institute for Standards and Technology has developed security guidelines for the smart grid, the Energy Department is launching an initiative to strengthen its cybersecurity on the electric grid.
Developing adequate security controls must go hand-in-hand with further developing the smart grid, said an official with DOE’s Office of Electricity Delivery and Energy Reliability (OE).
“Cybersecurity is vital to the development of a modern electric grid,” OE Assistant Secretary Patricia Hoffman said. “We recognize that each utility faces different risks; now we need to provide them with standard, adaptable solutions to manage those risks.”
DOE’s initiative will bring together regulatory body. DOE said the efforts will be “an open collaboration with representatives from across the public and private sectors to develop a cybersecurity risk management process guideline for the electric sector.”
Setting cybersecurity guidelines for the electrical grid can be tricky because current approaches are fragmented. While the requirements often overlap, there is also a tendency for gaps in security to emerge.
The key to developing security for the smart grid lies in interoperability and integration, DOE experts said.
“Effectively managing cyber security risk in the electric grid will require utilities to have an integrated approach across missions, business processes and the control systems and information systems that support those processes,” said George Arnold, NIST’s national coordinator for smart grid interoperability.
A draft guideline of DOE’s initiatives will be made available for public review and comment before it is finalized.