Cybersecurity Policy for Water and Electricity Infrastructures

This course will examine the drinking water and electricity infrastructures, and various policies that have been developed to help guide and strengthen their cybersecurity programs. The drinking water and electricity infrastructures are two of fourteen subsectors comprising what are known as \"lifeline infrastructure\". The 2013 National Infrastructure Protection Plan identifies four lifeline infrastructure sectors: 1) water, 2) energy, 3) transportation, and 4) communications. These sectors are designated \"lifeline\" because many other infrastructures depend upon them. The drinking water subsector is part of the water sector, and the electricity subsector is part of the energy sector. Both subsectors are overseen by the Department of Homeland Security National Protection and Programs Directorate which manages the DHS National Infrastructure Protection Program. The NIPP employs a five-step continuous improvement program called the Risk Management Framework. NIPP implementation is overseen by DHS-designated Sector-Specific Agencies staffed by various Federal departments. The Sector-Specific Agencies work in voluntary cooperation with industry representatives to apply the Risk Management Framework and document results in corresponding Sector-Specific Plans. The program began in 2007 and the most recent Sector-Specific Plans were published in 2016. In February 2013, President Obama issued Executive 13636 directing the National Institute of Standards and Technology to develop a voluntary set of recommendations for strengthening infrastructure cybersecurity measures. EO13636 also asked Federal agencies with regulating authority to make a recommendation whether the NIST Cybersecurity Framework should be made mandatory. The Environmental Protection Agency who is both the SSA and regulatory authority for the drinking water subsector recommended voluntary application of the NIST Cybersecurity Framework. The Department of Energy who is both the SSA and regulatory authority for the electricity subsector replied that it was already implementing the Electricity Subsector Cybersecurity Capability Maturity Model, which indeed was what the NIST Cybersecurity Framework was based on. The Department of Energy, though, recommended voluntary application of the ES-C2M2. This module will examine both the drinking water and electricity lifeline infrastructure subsectors, and elements and application of the NIST Cybersecurity Framework and ES-C2M2.

Created by: University of Colorado System

Language: English

Find Out More
Share
Facebook
Twitter
Pinterest
Reddit
StumbleUpon
LinkedIn
Email

VIU Online Courses

Back to Top

Log In

Contact Us

Upload An Image

Please select an image to upload
Note: must be in .png, .gif or .jpg format
OR
Provide URL where image can be downloaded
Note: must be in .png, .gif or .jpg format

By clicking this button,
you agree to the terms of use

By clicking "Create Alert" I agree to the Uloop Terms of Use.

Image not available.

Add a Photo

Please select a photo to upload
Note: must be in .png, .gif or .jpg format