
APPA urges administration to remove barriers to participation in cybersecurity programs


From the May 6, 2013 issue of Public Power Daily

Originally published May 6, 2013

By Robert Varela
Editorial Director
Focus more on removing barriers to full participation in the administration’s cybersecurity programs under the president’s executive order on cybersecurity and less on creating incentives to participate, APPA advised the Department of Commerce. In April 29 comments on incentives for participation in development of a national "Cybersecurity Framework," APPA urged the department to also focus on "ensuring the effectiveness of the overall Framework to address electric sector needs, and addressing the specific resource limitations and training needs of small public power entities."

The importance of the framework "cannot be overstated, especially when combined with the many ongoing cybersecurity activities already being undertaken by the electric utility sector," APPA said. The association plans to participate and applauds steps to bring other private sector entities into frameworks similar to that of the electric sector and to incentivize cross-sector cybersecurity practices.

APPA "cannot overemphasize the importance of timely information sharing with the private sector through the Electric Sector Information Sharing and Analysis Center and through other forums." However, the executive order appears to contemplate funneling information provided by the federal government through private sector information security providers. "Allowing electric utilities unconstrained access to the Enhanced Cyber Security Services program without a need for a pay to play system would be more likely to ensure broad electric sector participation," APPA said. An increased number of security clearances also would provide substantial benefits, APPA said.

A clear separation must be maintained between the voluntary cybersecurity framework contemplated by the executive order and the mandatory standards regime applicable to the electric utility sector, APPA said. Any implication that the National Institute of Standards and Technology’s Cybersecurity Framework "might be used to establish a new baseline for mandatory [North American Electric Reliability Corp.] standards must be avoided."

Sector-specific agencies can do much to encourage broad adoption and application of the final Cybersecurity Framework, APPA said. They can do so "by following the same approach as the Department of Energy adopted with its Electricity Sector Cybersecurity Capability Maturity Model of working with the electric sector trade associations to educate them on the [model] and provide guidance in the field on how it can be applied successfully to each utility’s unique circumstances."

Liability protections for electric utilities that report cyber threat information "must be explored," APPA said. "This could possibly be a useful tool to incentivize participation, but it should be studied first so the benefits and drawbacks can be fully understood."
