Hello, Guest!


DOE Updates Nearly Decade-Old Cybersecurity Assessment Tool

Energy sector security

DOE Updates Nearly Decade-Old Cybersecurity Assessment Tool

The Department of Energy has released an updated version of its cybersecurity assessment tool designed for organizations of all types and sizes.

The launch of Cybersecurity Capability Maturity Model Version 2.0 will support the Biden administration’s efforts to bolster the cybersecurity of American critical infrastructure, DOE said.

Fowad Muneer, acting deputy assistant secretary for energy delivery systems cybersecurity, said the development of C2M2 was driven by public-private collaboration.

“Our electricity, oil, and natural gas industry partners played a critical role in jointly authoring the C2M2 to ensure that it is responsive to the current cyber risk landscape,” Muneer explained.

DOE released C2M2 in 2012 to help organizations understand the cybersecurity weaknesses of their information technology and operational technology systems.

The updated version accounts for advancements in cloud, mobile and artificial intelligence technologies as well as threats like ransomware and supply chain risks, the department said.

DOE said it developed C2M2 V2.0 based on the recommendations of 145 cybersecurity experts across 77 energy sector organizations.

In April, the Biden administration launched a 100-day plan to secure the industrial control systems and the supply chains of electric utilities against persistent and sophisticated cyber threats.

Industrial control systems are integrated hardware and software designed to control machines and devices in industrial environments, according to a TechTarget article.

C2M2’s release and other activities under the 100-day initiative demonstrate DOE’s proactive stance in defeating cybersecurity threats, according to Puesh Kumar, acting principal deputy assistant secretary for DOE’s Office of Cybersecurity, Energy Security and Emergency Response.

Category: Cybersecurity