Implementing Cybersecurity Frameworks: Utility Lessons Learned

  • Utility experiences in implementing cybersecurity frameworks
  • How key challenges in implementing cybersecurity frameworks can be thoughtfully addressed
  • Improve the security and resilience of critical infrastructure

Utility experiences in implementing NIST and DOE cybersecurity frameworks

The Department of Energy (DOE) released the Energy Sector Cybersecurity Framework Implementation Guidance in 2015 to help the energy sector establish or align existing cybersecurity risk management programs. Using DOE’s Electricity Subsector Cybersecurity Capability Maturity Model (C2M2), these programs can meet the objectives of the cybersecurity framework (CSF) developed by the National Institute of Standards and Technology (NIST).

The CSF and C2M2 frameworks allow organizations to apply the principles and best practices of cyber risk management to improve the security and resilience of critical infrastructure. Asset owners have gained a great deal of practical knowledge and experience while implementing these frameworks.

This paper presents the best practices, lessons learned, and actionable innovations by utilities in implementing CSF and C2M2 to manage their cybersecurity programs. These lessons can be helpful to key stakeholders involved in scoping their cybersecurity plans, assessing their current state of cybersecurity, determining their target state using risk-based approaches, prioritizing their gaps, and advising their senior management.

What’s in the report

  • Challenges in implementing cybersecurity frameworks
  • High-level lessons learned
  • Guidance on implementation, development of organizational objectives, identifying key organizational threats, identifying target profiles, and identifying organizational weaknesses and gaps
  • Helpful tools and resources
