This ICF white paper explores cyber threat to critical infrastructure, one of the most serious national and economic security challenges confronting the United States. The Cybersecurity Capability Maturity Model (C2M2) program under the U.S. Department of Energy's (DOE) Office of Electricity Delivery and Energy Reliability (OE) is one of the U.S. federal government's numerous policies and programs to enhance the security and resilience of the nation's critical infrastructure.
The C2M2 program comprises three maturity models:
- Electricity Subsector-Cybersecurity Capability Maturity Model (ES-C2M2)
- Oil and Natural Gas Subsector-Cybersecurity Capability Maturity Model (ONG-C2M2)
- Cybersecurity Capability Maturity Model (C2M2)
These models are a formalized process for evaluating the maturity of an organization's cybersecurity capabilities and are publicly available for free. The program, along with the models, provides supporting toolkits, guidance resources, and self-evaluation facilitation support to the U.S. energy sector. The program's mission is to strengthen the sector's security and resilience.
Visit ICF's Cybersecurity page for more information on our capabilities.