Why the grid needs CDM

What: "Addressing Dynamic Threats to the Electric Power Grid Through Surveillance," a November 2014 study by the Chertoff Group.

Why: Increasing and sustained risks from physical and cyber threats confront the sprawling, interconnected U.S. power grid. Critical infrastructure companies are struggling to keep up with increasingly targeted threats to their facilities. The study outlines the measures underway among providers and the U.S. government to share data in a risk management approach to security, from the Electricity Sector Information Sharing Analysis Center to the Cyber Risk Information Sharing Program.

It also outlines the role risk management procedures had in dealing with hurricane Sandy and a 2013 attack on Pacific Gas and Electric's Metcalf electrical substation, in which unknown attackers opened fire on the facility with high-powered rifles.

The study recommends additional investments in critical infrastructure, including enhanced cross-sector security coordination, and increased awareness and adoption of continuous diagnostics and mitigation. CDM, said the study, offers much-needed dynamic awareness and assessment of security control, rather than annual or quarterly security review.

Verbatim: "Continuous monitoring can help electric companies gain real time visibility into their SCADA [supervisory control and data acquisition] and industrial control systems, as well as the overall information technology and operational technology (IT/OT) environment enabling them to better detect, respond to and recover from internal and external threats."

Read the whole report here.