Cybersecurity is an issue that is on everyone’s mind today, so utilities and grid operators may be interested in a new software program that enables them to assess their cybersecurity capabilities. The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) includes a cybersecurity self-evaluation survey tool, which looks at situational awareness, along with threat and vulnerability management, to allow a utility an internal option for the cybersecurity discussion. Utilities can also use ES-C2M2’s series of gradual assessments in platform areas to build a complete picture for prioritizing future cybersecurity actions and investments.
The Energy Department (DOE) developed the model in a public/private partnership formed in 2011, and launched the first version in May 2012. The White House approached DOE with a challenge to develop capabilities to manage dynamic threats and understand grid cybersecurity. The objectives for the model development included the desire to strengthen cybersecurity capabilities, along with the need to enable consistent evaluation and benchmarking, share knowledge and benefits and help prioritize actions and investments.
More than 77 utilities—cooperatives, international, investor-owned utilities, public power and regional transmission organizations—have downloaded ES-C2M2’s assessment tool. The DOE went on-site with 17 industry volunteers to walk through the model, using feedback from them to make changes in the next version. Comments have led to additional maturity indicator levels, performance metrics and measurement and informative materials.
DOE developed the model specifically for the electricity industry with Department of Homeland Security (DHS), Carnegie Mellon University and industry stakeholders. Utilities can download ES-C2M2 or contact DOE for more information. If you decide to explore this tool to improve your cybersecurity, don’t forget to share what you learn with Energy Services. Source: energybiz, 3/20/13