Electricity grid modernization

The electric industry is increasingly incorporating information technology (IT) systems into its operations as part of nationwide efforts -- commonly referred to as smart grid -- to improve reliability and efficiency. There is concern that if these efforts are not implemented securely, the electric grid could become more vulnerable to attacks and loss of services. To address this concern, the Energy Independence and Security Act of 2007 (EISA) provided the National Institute of Standards and Technology (NIST) and Federal Energy Regulatory Commission (FERC) with responsibilities related to coordinating the development and adoption of smart grid guidelines and standards. GAO was asked to (1) assess the extent to which NIST has developed smart grid cybersecurity guidelines; (2) evaluate FERC's approach for adopting and monitoring smart grid cybersecurity and other standards; and (3) identify challenges associated with smart grid cybersecurity. To do so, GAO analyzed agency documentation, interviewed responsible officials, and hosted an expert panel.