The Energy Sector Cybersecurity Framework Implementation Guidance was developed in response to the overall Cybersecurity Framework released by the National Institutes of Standards and Technology in early 2014 and to an earlier executive order calling for cybersecurity collaboration between industry and government.
The guidance offers tips and best practices to energy companies and helps chart out how private sector companies can develop a comprehensive cybersecurity framework.
Some of the steps include:
- Developing a risk management strategy to identify and evaluate areas of improvement within the organization.
- Orienting assets and resources toward risky areas and to improve cybsercurity methodology and management standards.
- Determining where gaps exist and prioritizing the gaps based on the potential consequences of a cyber intrusion.
The American Gas Association said in a statement that it welcomed the release of the guidance and that the organization worked closely with the Energy Department to develop the steps and procedures.
"This productive collaboration has ensured that the final guidance meets the needs of AGA and its member companies and will help enhance the security of the natural gas industry, its customers and the nation" the AGA said.