This is a central concept contained in the lengthy Electricity Subsector Cybersecurity Capability Maturity Model document, and Bochman is among the dozens of representatives from industry, the government and the electric sector that provided input into the document. Others outside of DoE include representatives from Carnegie-Mellon University Software Engineering Institute CERT program; Duke Energy; Oncor; Vermont Electric Cooperative; UtiliSec; American Electric Power; Dept. of Defense; Centerpoint Energy; Consolidated Edison; Baltimore Gas & Electric; Southern California Edison; and several more.
The DoE guidance, over 90 pages, says the government hopes electric-power companies will each establish a cybersecurity governance board that will develop a cybersecurity strategy for the utility and recruit a new vice president of cybersecurity to implement a program based on the strategy. The approval of the cyber strategy is expected to come from the top management at the utility first before its carried out through the business groups.
The DoE document also suggests that utilities should be not think cyber-incidents wont happen and they should be prepared to respond publicly about any immediate and collateral damage from potential incidents and the public relations issues that follow.
The topic of cybersecurity and critical infrastructure protection has become fiercely debated recently in Congress, where the current critical-infrastructure cybersecurity legislation has stalled due to Republicans blocking it from a vote. That situation has left the White House angered, and its letting it be known that President Obama is considering taking executive action related to cybersecurity controls over industry if the legislation doesnt move forward in the future.
Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail: email@example.com.
Read more about wide area network in Network World's Wide Area Network section.