It was recently announced that the Department of Energy (DOE) is launching three new research programs aimed at protecting the security of the North American high voltage electric grid. This effort is part of the U.S. government’s ongoing efforts to protect against cascading failures of the grid, otherwise known as blackouts. The research programs will be aimed at addressing growing cyber and physical threats to the grid. Chief among program objectives will be: finding ways to create a pipeline of cybersecurity and physical security professionals, protecting against threats to the supply chain that supports the grid, and protecting against the impact of environmental hazards (e.g., wildfires).
This research will be conducted in parallel with ongoing efforts by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corp. (NERC) to compel the industry to take measures to protect the grid. These organizations were charged with oversight of the industry following a widespread blackout that occurred in 2005. This oversight has included promulgation and enforcement of a wide range of regulations known as the NERC Standards. These Standards cover everything from cybersecurity to vegetation management to equipment maintenance to rules regarding system operations. Essentially, they are intended to protect against anything that could result in a blackout. Base penalties for violations of these Standards could be as much as $1 million U.S. per day per violation – so FERC and NERC wield a pretty large stick to enforce the regulations.
That said, it is clear that many in the U.S. government do not believe NERC’s efforts go far enough. This is evidenced by FERC’s continued pressure on NERC to write more regulations and to tighten the requirements on existing Standards. It is also evidenced by other parts of the DOE (i.e., in addition to FERC) launching efforts like the research projects mentioned above to fill any gaps that may exist in the NERC oversight model.
The bottom line? We should expect continued pressure on the regulators and on the industry as a whole to close any gaps that may exist – which includes, but is not limited to, security threats. This pressure will undoubtedly create a burning platform for the utilities to comply with an ever-rising compliance hurdle. While this will mean an increase in investment in human resources, it will also result in these organizations looking to technology to streamline and enhance the maturity of their compliance and security programs. Technologies such as ServiceNow and Archer can provide these organizations with the ability to decrease reliance on spreadsheets and email to execute their processes. The integration enabled by these technologies can provide the lift needed to help these organizations continue to hit a ever moving target. As a trusted partner to the industry, Iceberg is uniquely positioned to help these organizations leverage these technologies to advance their programs and literally “keep the lights on”.
*** This is a Security Bloggers Network syndicated blog from Risk Intelligence Academy – Iceberg Networks authored by Risk Intelligence Academy – Iceberg Networks. Read the original post at: https://icebergnetworks.com/the-department-of-energy-launches-3-new-research-programs-to-enhance-safety-and-resilience-of-the-u-s-energy-sector/?utm_source=rss&utm_medium=rss&utm_campaign=the-department-of-energy-launches-3-new-research-programs-to-enhance-safety-and-resilience-of-the-u-s-energy-sector