The Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) was developed in support of the Electricity Subsector Cybersecurity Risk Management Maturity Initiative, a White House initiative led by the Department of Energy (DOE) in partnership with the Department of Homeland Security (DHS) and in collaboration with representatives of asset owners and operators within the electricity subsector. The initiative used the National Infrastructure Protection Plan framework as a public-private partnership mechanism to support the development of the model. This is a recent development that is intended to allow electric utilities to assess their cybersecurity capabilities and to develop a virtuous cycle of improvement.
The model has the following four objectives:
- Strengthen cybersecurity capabilities in the electricity subsector
- Enable utilities to effectively and consistently evaluate and benchmark cybersecurity capabilities
- Share knowledge, best practices, and relevant references within the subsector as a means to improve cybersecurity capabilities
- Enable utilities to prioritize actions and investments to improve cybersecurity.