Electricity Grid Cybersecurity: DOE Needs to Ensure Its Plans Fully Address Risks to Distribution Systems, Report to Congressional Requesters [open pdf - 3MB]
From the Highlights: "Protecting the reliability of the U.S. electricity grid, which delivers electricity essential for modern life, is a long-standing national interest. The grid comprises three functions: generation, transmission, and distribution. In August 2019, GAO [U. S. Government Accountability Office] reported that the generation and transmission systems--which are federally regulated for reliability--are increasingly vulnerable to cyberattacks. GAO was asked to review grid distribution systems' cybersecurity. This report (1) describes the extent to which grid distribution systems are at risk from cyberattacks and the scale of potential impacts from such attacks, (2) describes selected state and industry actions to improve distribution systems' cybersecurity and federal efforts to support those actions, and (3) examines the extent to which DOE [U.S. Department of Energy] has addressed risks to distribution systems in its plans for implementing the national cybersecurity strategy. To do so, GAO reviewed relevant federal and industry reports on grid cybersecurity risks and analyzed relevant DOE documents. GAO also interviewed a nongeneralizable sample of federal, state, and industry officials with a role in grid distribution systems' cybersecurity. GAO recommends that DOE more fully address risks to the grid's distribution systems from cyberattacks--including their potential impact--in its plans to implement the national cybersecurity strategy. DOE agreed with GAO's recommendation."
Government Accountability Office: https://www.gao.gov/