Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed.

The electric industry is increasingly incorporating information technology systems into its operations as part of nationwide efforts -- commonly referred to as smart grid -- to improve reliability and efficiency. There is concern that if these efforts are not implemented securely, the electric grid could become more vulnerable to attacks and loss of services. To address this concern, the Energy Independence and Security Act of 2007 (EISA) provided the National Institute of Standards and Technology (NIST) and Federal Energy Regulatory Commission (FERC) with responsibilities related to coordinating the development and adoption of smart grid guidelines and standards.

GAO was asked to (1) assess the extent to which NIST has developed smart grid cybersecurity guidelines; (2) evaluate FERC’s approach for adopting and monitoring smart grid cybersecurity and other standards; and (3) identify challenges associated with smart grid cybersecurity. To do so, GAO analyzed agency documentation, interviewed responsible officials, and hosted an expert panel.

GAO recommends that NIST finalize its plan and schedule for updating its cybersecurity guidelines to incorporate missing elements, and that FERC develop a coordinated approach to monitor voluntary standards and address any gaps in compliance. Both agencies agreed with these recommendations.

(GAO-11-117)