Ed Goff
ABSTRACT
In order to encourage and support the incorporation of cybersecurity in the procurement of energy systems and components, the Energy Sector Control Systems Working Group (ESCSWG), Pacific Northwest National Laboratory (PNNL), and Energetics Incorporated have prepared Cybersecurity Procurement Language for Energy Delivery Systems (henceforth referred to as ESCSWG [2014]), with significant input from industry stakeholders and experts. This document, published in April 2014, seeks to promote cybersecurity by design through the procurement process by providing baseline language tailored to the specific needs of the energy sector. Updated and easy-to-use procurement language for the energy sector can aid in addressing some of the evolving challenges faced by asset owners, operators, and suppliers by providing a starting point for these stakeholders to communicate expectations and requirements in a clear and repeatable manner.
- U.S. Department of Homeland Security (DHS), Department of Homeland Security: Cyber Security Procurement Language for Control Systems (Washington, DC: DHS, 2009), http://ics-cert.us-cert.gov/sites/default/files/documents/Procurement_Language_Rev4_100809.pdf.Google Scholar
- Energy Sector Control Systems Working Group (ESCSWG), Roadmap to Achieve Energy Delivery Systems Cybersecurity (ESCSWG, 2011), www.controlsystemsroadmap.net/ieRoadmap%20Documents/roadmap.pdf.Google Scholar
- Office of Electricity Delivery and Energy Reliability, "Cybersecurity Capability Maturity Model (C2M2) Program," U.S. Department of Energy, accessed April 1, 2014, http://energy.gov/oe/cybersecurity-capability-maturity-model-c2m2-program.Google Scholar
- Office of Electricity Delivery and Energy Reliability, Electricity Subsector Cybersecurity Risk Management Process (Washington, DC: U.S. Department of Energy, 2012), http://energy.gov/sites/prod/files/Cybersecurity%20Risk%20Management%20Process%20Guideline%20-%20Final%20-%20May%202012.pdf.Google Scholar
- National Institute of Standards and Technology (NIST), Framework for Improving Critical Infrastructure Cybersecurity, Version 1 (Gaithersburg, MD: NIST, 2014), www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf.Google Scholar
Index Terms
- Cybersecurity procurement language for energy delivery systems
Recommendations
Shaking Up the Cybersecurity Landscape
The US government is seeking game-changing ideas from the public to improve the cybersecurity landscape in a program called National Cyber Leap Year. Looking to act quickly with a 15 December deadline, the program's backers want revolutionary ideas to ...
Security beyond cybersecurity: side-channel attacks against non-cyber systems and their countermeasures
AbstractSide-channels are unintended pathways within target systems that leak internal information, exploitable via side-channel attack techniques that extract the target information, compromising the system’s security and privacy. Side-channel attacks ...
Digital Economy and Cybersecurity in Nigeria: Policy Implications For Development
The COVID-19 pandemic has resulted in the urgent need for the Nigerian Government to embrace digital economy at all cost. Countries with digitised economy have been able to easily adopt to the challenges that the pandemic has brought, such as ...
Comments