Energy Sector – Presented the Cybersecurity Framework Implementation Guidance

The US Energy Department issued the guidance “Energy Sector Cybersecurity Framework Implementation Guidance” for organizations operating in the industry.

The energy industry is constantly under attack, and the number of hacking campaigns targeting the sector is increasing exponentially. Energy companies and utilities have to adopt a proper cyber security posture in order to mitigate cyber threats. Some of the pillars of cyber security in the energy industry are the development of efficient risk management strategies, the adoption of cyber best practices, and the sharing of information regarding threats, incidents and countermeasures.

On Jan. 8, the US Energy Department released voluntary guidance, titled “Energy Sector Cybersecurity Framework Implementation Guidance”, for organizations operating in the industry. The Energy Sector Cybersecurity Framework Implementation Guidance was prepared in response to the Cybersecurity Framework released by the National Institute of Standards and Technology in 2014. The document highlights the need to improve collaboration between private industry and government entities to mitigate cyber threats.

The guidance proposes principles and effective practices of risk management to develop a comprehensive cybersecurity framework necessary to improve the security and resilience of critical infrastructure in the Energy sector.

“The U.S. Department of Energy (DOE), as the Energy Sector-Specific Agency, worked with the Electricity Subsector and Oil & Natural Gas Subsector Coordinating Councils along with other Sector-Specific Agencies to develop this Framework Implementation Guidance specifically for energy sector owners and operators. It is tailored to the energy sector’s risk environment and existing cybersecurity and risk management tools and processes that organizations can use to implement the Framework.” reads the guidance.

The Energy Sector Cybersecurity Framework Implementation Guidance is designed to assist organizations operating in the energy sector to:

  • Evaluate the current level of cyber security reached by the organization.
  • Characterize a target cybersecurity posture.
  • Characterize existing cybersecurity risk management programs, identifying gaps and possible improvements in compliance with the Guidance. It is suggested to prioritize the gaps based on the potential damage caused by a cyber attack.
  • Identify existing sector tools, standards, and guidelines that could be adopted to support the implementation of an effective cyber security framework.
  • Effectively demonstrate and communicate the risk management approach and the use of the Framework to both internal and external stakeholders.

The Energy Sector Cybersecurity Framework Implementation Guidance shows how organizations that adopt C2M2 can align their security posture with the specification of the NIST Framework. The guidance also proposes a range of other existing tools and practices that can support the adoption of a Cybersecurity Framework. The Guidance was received positively by organizations operating in the energy sector, which consider it guidance developed by the industry, for the industry.

Energy organizations are a privileged target of cyber attacks; for this reason, the implementation of the NIST Cybersecurity Framework is a necessary step to secure our society.

Pierluigi Paganini

(Security Affairs – Energy Sector Cybersecurity Framework Implementation Guidance, US Energy Department)
