
APPA urges administration to remove barriers to participation in cybersecurity programs

From the May 6, 2013 issue of Public Power Daily

Originally published May 6, 2013

By Robert Varela
Editorial Director

Focus more on removing barriers to full participation in the administration’s cybersecurity programs under the president’s executive order on cybersecurity and less on creating incentives to participate, APPA advised the Department of Commerce. In April 29 comments on incentives for participation in development of a national "Cybersecurity Framework," APPA urged the department to also focus on "ensuring the effectiveness of the overall Framework to address electric sector needs, and addressing the specific resource limitations and training needs of small public power entities."

The importance of the framework "cannot be overstated, especially when combined with the many ongoing cybersecurity activities already being undertaken by the electric utility sector," APPA said. The association plans to participate and applauds steps to bring other private sector entities into frameworks similar to that of the electric sector and to incentivize cross-sector cybersecurity practices.

APPA "cannot overemphasize the importance of timely information sharing with the private sector through the Electric Sector Information Sharing and Analysis Center and through other forums." However, the executive order appears to contemplate funneling information provided by the federal government through private sector information security providers. "Allowing electric utilities unconstrained access to the Enhanced Cyber Security Services program without a need for a pay to play system would be more likely to ensure broad electric sector participation," APPA said. An increased number of security clearances also would provide substantial benefits, APPA said.

A clear separation must be maintained between the voluntary cybersecurity framework contemplated by the executive order and the mandatory standards regime applicable to the electric utility sector, APPA said. Any implication that the National Institute of Standards and Technology’s Cybersecurity Framework "might be used to establish a new baseline for mandatory [North American Electric Reliability Corp.] standards must be avoided."

Sector-specific agencies can do much to encourage broad adoption and application of the final Cybersecurity Framework, APPA said. They can do so "by following the same approach as the Department of Energy adopted with its Electricity Sector Cybersecurity Capability Maturity Model of working with the electric sector trade associations to educate them on the [model] and provide guidance in the field on how it can be applied successfully to each utility’s unique circumstances."

Liability protections for electric utilities that report cyber threat information "must be explored," APPA said. "This could possibly be a useful tool to incentivize participation, but it should be studied first so the benefits and drawbacks can be fully understood."

