The Department of Energy Releases Draft of Cybersecurity Risk Management Process (RMP) Guideline for Public Comment

September 12, 2011

Public-Private Sector Collaboration Produces Guidance to Help Electric Utilities
Better Understand and Assess Cybersecurity Risk

WASHINGTON, DC - The Department of Energy, in collaboration with the National Institute of Standards and Technology and the North American Electric Reliability Corporation, has released a draft of the Electricity Sector Cybersecurity Risk Management Process (RMP) Guideline for public comment. The RMP Guideline was drafted by a joint public-private sector team that also included representatives from the Federal Energy Regulatory Commission, the Department of Homeland Security, and utilities. The initiative to develop the RMP Guideline is led by the Department’s Office of Electricity Delivery and Energy Reliability. 
The RMP Guideline is designed to help utilities better understand their cybersecurity risks, assess severity, and allocate resources more efficiently to manage those risks. Available online for public comment until October 28, 2011, the RMP Guideline offers a flexible approach to managing cybersecurity risks across all levels of the organization. Feedback provided by industry, vendors, and other electricity sector stakeholders will be used to further refine and improve the RMP Guideline prior to final publication.
“Addressing cyber security is critical to enhancing the security and reliability of the nation’s electric grid,” said Patricia Hoffman, Assistant Secretary for the Office of Electricity Delivery and Energy Reliability. “The Department of Energy has been working closely with the Department of Homeland Security, other government agencies, and industry for years to reduce the risk of energy disruptions due to cyber attack. The RMP Guideline will provide utilities with consistent, adaptable solutions that help them manage their cybersecurity risks more effectively.”
Over the past few decades, the Electricity Sector has increasingly relied on digital technology to reduce costs, increase efficiency, and maintain reliability during the generation, transmission, and distribution of electric power. Managing cybersecurity risk is critical to the success of organizations in achieving their strategic goals and objectives, including reliability, resiliency, security, and safety.
To learn more about national efforts to ensure a reliable, secure, and resilient electric grid, visit the Office of Electricity Delivery and Energy Reliability.