Society of Information Risk Analysts

U.S. Department of Energy Seeks Feedback on Electricity Sector Cybersecurity Risk Management Maturity Model

2012-03-22 22:37 | Marcin Antkiewicz

This blog entry was originally written by Jeff Lowder (@agilesecurity); I am just migrating the post to the new SIRA site.

This is not breaking news, but I’m posting this announcement here just in case interested parties had not already heard the news. As explained on the Department of Energy's website:

The Department of Energy, in partnership with the Department of Homeland Security, is leading a new White House initiative to create a more comprehensive and consistent approach to protecting the nation’s electric grid against cyber attacks. The Electric Sector Cybersecurity Risk Management Maturity initiative will combine elements from existing cybersecurity efforts to develop a maturity model that allows electric utilities and grid operators to assess their own cyber strengths and weaknesses and prioritize their investments. This initiative is the next logical step in a continued effort by public and private stakeholders to identify steps to improve the cybersecurity of the electric grid and will leverage years of work and lessons learned from both the private and public sector.

Officials from the Energy Department, the White House and DHS met with leaders in the electric sector, research organizations, industry associations, academia and other government agencies from across the electric sector on January 5, 2012 to launch the initiative and request their expertise and participation in the public-private partnership. Since then, there has been a huge response from industry, with numerous utilities indicating they are interested in offering their expertise in developing and/or piloting the model. For the pilot, we want a group that is representative of the industry so we expect participants to include utilities such as public power companies, ISOs/RTOs, IOUs, and coops. The pilot will be conducted in April, and the model should be available to the electric sector this summer.

Maturity models begin as works in progress and mature as lessons learned and best practices evolve and the model is refined. We expect to see this model refined over time as the model is used and more lessons learned and best practices are incorporated.

As we saw at the launch of this initiative and have seen in the days since, there is a sense of urgency and willingness in the industry and among our public partners to move forward quickly. We are now capitalizing on that momentum to develop a useful tool that can be used effectively across the entire electric sector.

As we move forward with the initiative, we will post periodic updates on the Office of Electricity Delivery and Energy Reliability website. If your organization is interested in receiving updates via email, please contact us at
