Cyber-attacks have grown rapidly in the last few years and the energy sector has become a prime target for those attacks. In 2016, 20 percent of incidents reported to the U.S. Department of Homeland Security (DHS) targeted the energy sector. Electricity is informally considered the most critical of the 16 critical infrastructure sectors designated by DHS; water, wastewater, communications, transportation and other parts of the energy sector all depend on reliable and secure electric power. Because of these interdependencies, a successful cyber-attack on the electric system could have serious secondary effects: disrupting power or fuel supplies, damaging specialized equipment, and jeopardizing public welfare.
States are developing strategies for enhancing electric grid cybersecurity as they move toward a more modern, connected infrastructure. This white paper recommends seven actions for governors to consider in order to protect electricity infrastructure and personally identifiable information (PII):
- Define Roles and Responsibilities and Coordinate Efforts
- Incorporate Cybersecurity Roles and Responsibilities into
- Energy Assurance Planning
- Protect Sensitive Information
- Collaborate with Utility Regulators
- Participate in Cyber Response Exercises
- Leverage the National Guard and Civilian Workforce
- Conduct Risk Assessments
The paper also details roles and responsibilities for key state and industry stakeholders and catalogues important resources.