Electricity Subsector Cybersecurity Capability Maturity Model, Version 1.1 (co-author)
The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) can help electricity subsector organizations of all types evaluate and make improvements to their cybersecurity programs. The ES-C2M2 is part of the DOE Cybersecurity Capability Maturity Model (C2M2) Program and was developed to address the unique characteristics of the electricity subsector. The program supports the ongoing development and measurement of cybersecurity capabilities within the electricity subsector, and the model can be used to:
- Strengthen cybersecurity capabilities in the electricity subsector.
- Enable utilities to effectively and consistently evaluate and benchmark cybersecurity capabilities.
- Share knowledge, best practices, and relevant references within the subsector as a means to improve cybersecurity capabilities.
- Enable utilities to prioritize actions and investments to improve cybersecurity.
The ES-C2M2 provides descriptive rather than prescriptive industry focused guidance. The model content is presented at a high level of abstraction so that it can be interpreted by subsector organizations of various types, structures, and sizes.