Progress in electric utilities risk management - emerging guidance

The Department of Energy (DOE), in conjunction with the National Institute of Standards and Technology (NIST) and the North American Energy Reliability Corporation (NERC), developed the Electricity Sector Cyber Security Risk Management Process (RMP) Guideline, conducted a public review of it, and is in the process of releasing it this summer. The guideline takes the recently released NIST Special Publication (SP) 800-39, Managing Information Security Risk, and develops an interpretation tailored for the Electricity Sector (from power generation to distribution). This document provides an overview of the RMP Guideline and an analysis of its likely impact. Organizations should consider using this guideline as they continue to address cyber security issues and concerns. The guideline provides a well-structured approach based on current best practices, but its implementation could be challenging if not carefully considered.