"Helping Industry Develop Secure Grid Technologies"

The power grid has become an increasingly attractive target for cybercriminals. Cybersecurity researchers at Pacific Northwest National Laboratory (PNNL) are developing next-generation tools to bolster the power grid and other critical infrastructure against cyberattacks. PNNL received funding from the U.S. Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to develop a cybersecurity maturity model and companion assessment method that can help manufacturers implement cybersecurity best practices throughout the development of hardware, software, and firmware. The Secure Design and Development Maturity Model (SD2M2) is being used to assess the cybersecurity practices of those who develop and build products such as sensors, control systems, and more for the power grid. The SD2M2 is based on the Cybersecurity Capability Maturity Model (C2M2) framework and consists of three components. These components include management priorities, core assessment, and a comparative evaluation. In the priority management phase, leadership establishes goals that encompass a system's background, foundation, design, building, testing, integration, deployment, and end-of-life. Product designers, developers, and testers are prompted to take a self-assessment in the core assessment phase, consisting of 800 practice statements to evaluate their product against a set of cybersecurity practices recognized by the industry. The assessments delivered by the SD2M2 web-based tool are customized based on product or organization type. The comparative evaluation phase provides a report that compares self-assessment results to management priorities, giving better insight into opportunities for improving a product's cybersecurity posture. This article continues to discuss the development, key goals, components, and structure of SD2M2. 

Homeland Security News Wire reports "Helping Industry Develop Secure Grid Technologies"