DOE Issues Voluntary Cybersecurity Guidelines
Utilities, as well as third-party contractors and vendors, should take notice of government-led initiatives pertaining to the smart grid and related cybersecurity matters. The U.S. Department of Energy (DOE) has issued a proposed Voluntary Code of Conduct (VCC) that provides smart-grid cybersecurity guidance and addresses privacy in the use of data collected by advanced metering infrastructure (AMI). The VCC offers high-level principles of conduct for those handling customer usage data in connection with retail energy services. These principles aim to balance the often competing needs of maintaining sensitive customer data on a confidential basis, and incorporating AMI to provide more reliable and affordable energy services.
The VCC offers useful guidance to those seeking to address customer privacy concerns while making the most of AMI and customer data. The VCC is currently voluntary, but regulators may consider requiring its use. Likewise, courts may use the VCC as the basis by which to measure fault and whether a company’s privacy policies and procedures were reasonable following a cyber attack. To learn more about the VCC and what it may mean for your company, read this Energy Daily article.