Energy Sector – Presented the Cybersecurity Framework Implementation Guidance

The US Energy Department issued the guidance “Energy Sector Cybersecurity Framework Implementation Guidance” for organizations operating in the industry.

The energy industry is constantly under attack, and the number of hacking campaigns targeting the sector is increasing exponentially. Energy companies and utilities have to adopt a proper cyber security posture in order to mitigate cyber threats. Some of the pillars of cyber security in the energy industry are the development of efficient risk management strategies, the adoption of cyber best practices, and the sharing of information regarding threats, incidents and countermeasures.

On Jan. 8, the US Energy Department released voluntary guidance titled “Energy Sector Cybersecurity Framework Implementation Guidance” for organizations operating in the industry. The guidance was prepared in response to the Cybersecurity Framework released by the National Institute of Standards and Technology in 2014. The document highlights the need to improve collaboration between private industry and government entities to mitigate cyber threats.


The guidance proposes principles and effective practices of risk management to develop a comprehensive cybersecurity framework necessary to improve the security and resilience of critical infrastructure in the Energy sector.

“The U.S. Department of Energy (DOE), as the Energy Sector-Specific Agency, worked with the Electricity Subsector and Oil & Natural Gas Subsector Coordinating Councils along with other Sector-Specific Agencies to develop this Framework Implementation Guidance specifically for energy sector owners and operators. It is tailored to the energy sector’s risk environment and existing cybersecurity and risk management tools and processes that organizations can use to implement the Framework.” reads the guidance.

The Energy Sector Cybersecurity Framework Implementation Guidance is designed to help organizations operating in the energy sector to:

  • Evaluate the current level of cyber security reached by the organization.
  • Characterize a target cybersecurity posture.
  • Characterize existing cybersecurity risk management programs, identifying gaps and possible improvements in compliance with the Guidance. It is suggested to prioritize the gaps based on the potential damage caused by a cyber attack.
  • Identify existing sector tools, standards, and guidelines that could be adopted to support the implementation of an effective cyber security framework.
  • Effectively demonstrate and communicate the risk management approach and the use of the Framework to both internal and external stakeholders.

The Energy Sector Cybersecurity Framework Implementation Guidance shows how organizations that adopt C2M2 can align their security posture with the specification of the NIST Framework. The guidance also proposes a range of other existing tools and practices that can support the adoption of a Cybersecurity Framework. The Guidance was well received by organizations operating in the energy sector, which consider it guidance developed by the industry, for the industry.

Energy organizations are a privileged target of cyber attacks; for this reason, the implementation of the NIST Cybersecurity Framework is a necessary step to secure our society.

Pierluigi Paganini
