Department of Energy releases updated Cybersecurity Capability Maturity Model

July 26, 2021

The U.S. Department of Energy (DOE) released Version 2.0 (V2.0) of the Cybersecurity Capability Maturity Model (C2M2), a tool designed to help companies of all types and sizes evaluate and improve their cybersecurity capabilities. The C2M2 updates address the evolving cyber threat and technology landscape. The release of C2M2 V2.0 advances the Administration’s 100-day plan to confront cyber threats from adversaries who seek to compromise critical systems that are essential to U.S. national and economic security.

In April 2021, as part of the Biden Administration's effort to safeguard U.S. critical infrastructure, the DOE launched a 100-day coordinated initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS). “The Biden Administration is committed to securing our nation’s critical energy infrastructure from increasingly persistent and sophisticated cyber threats and attacks,” said Puesh Kumar, Acting Principal Deputy Assistant Secretary for DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “Through the release of C2M2 Version 2.0 and other activities under the 100-day ICS Cyber Initiative, we are taking deliberate action to protect against cyber threats and attacks.”

The C2M2, which was first released in 2012, is designed to help energy sector organizations understand cyber risks to their information technology (IT) and operational technology (OT) systems and measure the maturity of their cybersecurity capabilities. The updated model reflects inputs from 145 cybersecurity experts representing 77 energy sector organizations. Updates address new technologies like cloud, mobile, and artificial intelligence, and evolving threats such as ransomware and supply chain risks, and ultimately support companies in strengthening their operational resilience.

“C2M2 continues to be driven by public-private collaboration.” said Fowad Muneer, Acting Deputy Assistant Secretary for CESER’s Cybersecurity for Energy Delivery Systems (CEDS) division. “Our electricity, oil, and natural gas industry partners played a critical role in jointly authoring the C2M2 to ensure that it is responsive to the current cyber risk landscape.”

C2M2 is a free and voluntary resource. For information on C2M2 V2.0, visit energy.gov/c2m2 or email us at C2M2@hq.doe.gov.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

How can security leaders charged with investigations handle the management of interviewers and interrogators, as well as handle interviewing, including dealing with false confessions and misleading information?

Poll

Recruiting Diverse Candidates

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Department of Energy releases updated Cybersecurity Capability Maturity Model

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Department of Energy releases updated Cybersecurity Capability Maturity Model

Related Articles

Related Products

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.