The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), which allows electric utilities and grid operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity, combines elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry. The ES-C2M2 was developed as part of a White House initiative led by the Department of Energy in partnership with the Department of Homeland Security (DHS) and involved close collaboration with industry, other Federal agencies, and other stakeholders. The ES-C2M2 was designed specifically for the electric subsector and is now available for downloading. Utilities can request the Cybersecurity Self Evaluation Survey Tool, which helps electric utilities and grid operators identify opportunities to further develop their own cybersecurity capabilities by posing a series of questions that focus on areas including situational awareness and threat and vulnerability management, by contacting the Energy Department at ES-C2M2@hq.doe.gov.
The Department of Energy has a long history of working closely with Federal partners, including DHS, on cybersecurity of the North American electric grid. The Department recently released the Electricity Subsector Cybersecurity Risk Management Process (RMP) Guideline which helps utilities better understand their cybersecurity risks, assess severity, and allocate resources more efficiently to manage those risks. All of these activities align with the Roadmap to Achieve Energy Delivery Systems Cybersecurity, which was released in September 2011 by DOE and outlines a strategic framework over the next decade to design, install, operate, and maintain a resilient energy delivery system capable of surviving cyber incidents while sustaining critical functions.
DOE will continue to work with public and private partners to support the adoption and use of C2M2. As we move forward, we will post periodic updates on the Office of Electricity Delivery and Energy Reliability website. If your organization is interested in receiving updates via email, please contact us at ES-C2M2@hq.doe.gov.