Statement by the American Public Power Association on Release of Cybersecurity Framework
February 12, 2014
Washington, D.C. – The American Public Power Association (APPA) commends the Administration for releasing the National Institute of Standards and Technology (NIST) Cybersecurity Framework today, one year to the day after issuance of the President’s Executive Order on Cybersecurity. Although we are still closely reviewing the document, APPA believes the Cybersecurity Framework will help nation’s public and private critical infrastructure owners enhance our collective cybersecurity.
APPA sees the Framework as a first step in forming a common language that will strengthen communication between all critical infrastructure sectors, including the electric power industry, and enhance the security of the electric grid from cyber threats. We also appreciate that the Framework allows for flexibility in how utilities manage cyber risks and complements the Department of Energy’s Electricity Sector Cybersecurity Capability Maturity Model and the mandatory standards set by the North American Electric Reliability Corporation (NERC). As utilities that are owned and operated by the customers we serve, we take the security of the nation’s electric grid very seriously and look forward to working with other sectors and our federal agency partners to use the Framework in the months ahead.
In the White House meeting with industry stakeholders to roll out the Framework, all participants emphasized the critical role of information sharing between government and industry and using the Framework’s core, profiles and tiers to inform each company’s unique enterprise risk management program, while adapting to an evolving threat environment. APPA is encouraged by the Administration’s commitment to streamline, harmonize and align its regulations, to engage with industry on how we use the framework, and complete its effort to delineate incentives for use of the Framework.