DoE releases guidance for cyber security framework
The Department of Energy (DoE) released guidance to help the energy sector establish or align existing cybersecurity risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institute of Standards and Technology (NIST) in February 2014.
The Cybersecurity Framework consists of standards, guidelines, and practices to promote the protection of critical infrastructure. It was developed in response to Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," through collaboration between industry and government.
The framework enables organizations—regardless of sector, size, degree of cybersecurity risk, or cybersecurity sophistication—to apply the principles and effective practices of risk management to improve the security and resilience of critical infrastructure.
The framework is intended not to replace or limit an organization’s risk management process and cybersecurity program, but to enhance them.
Each sector and individual organization can use the framework in a tailored manner to address its cybersecurity objectives.
In developing this guidance, the Energy Department collaborated with private sector stakeholders through the Electricity Subsector Coordinating Council and the Oil & Natural Gas Subsector Coordinating Council. DoE also coordinated with other Sector Specific Agency representatives and interested government stakeholders.