The Government Accountability Office has found that the Department of Energy is yet to develop plans for implementing electric grid security that fully address key factors such as threat actors, vulnerabilities and impacts.
GAO stated in its report that DOE based its risk assessments on outdated models and that the Federal Energy Regulatory Commission’s grid security approval procedures failed to ensure full compliance with the National Institute of Standards and Technology’s requirements. FERC’s methodologies also failed to “evaluate the potential risk of a coordinated cyberattack on geographically distributed targets,” GAO noted.
According to the watchdog, DOE’s guidance for resource allocation to mitigate security risks will “likely be limited” until the department provides a complete strategy for grid cybersecurity.