The US Department of Energy released the Cybersecurity Procurement Language for Energy Delivery Systems to help utilities ask the right questions when purchasing the hardware and software that run the electric grid. The new guidance also helps ensure that the testing, manufacturing, delivery, and installation of new technologies emphasize cybersecurity requirements.
This energy delivery systems guidance builds on the Cybersecurity Procurement Language for Control Systems guidance developed in collaboration between industry, the Energy Department, its Idaho National Laboratory, and the Department of Homeland Security in 2009.
In the past year, DOE has released Cybersecurity Capability Maturity Models for the electricity and oil and gas sectors to improve their cybersecurity capabilities using a common set of industry practices. Over 230 organizations, including more than 100 utilities, have requested this tool. In addition, in 2013, DOE launched the Cybersecurity Risk Information Sharing Program to provide electricity sector organizations with near-real-time cyber threat information and analysis.