美国电力行业信息安全运作机制和策略分析

网络威胁对电力系统的影响是涉及国家安全、公共安全和国民经济的至关重要的问题。美国已形成了多方协同的电力行业信息安全运作机制。以美国电力行业信息安全的战略框架及其实施策略为切入点，梳理了承担美国电力行业信息安全相关职责的政府机构和组织的职责及其工作现状，研究了参与美国电力行业信息安全研究的机构和组织的工作成果。从信息安全标准、安全文化建设、风险管理、协作共享以及网络攻击响应5个角度分析了美国电力行业信息安全运作策略。电力行业信息安全的持续运作和良性发展，不仅需要标准规范的不断完善和主动执行，更需要安全文化、安全风险、应急响应等方面的切实有效的管理和协同。

Study on Mechanism and Strategy of Cybersecurity in U.S. Electric Power Industry

Cyber threats to electric power system have great impact on the national security, public safety and country economy. After years of researches and practices, the United States of America (US) has well formed a multi-party cooperative mechanism for the cybersecurity to safeguard the operation of electric power industry. The cybersecurity framework and strategy for electric power industry in US is presented first. The corresponding duty and its working status of related government agencies and organizations involved in the cybersecurity of the electric power industry is then introduced respectively. The study results and working conclusions of US research institutions and organizations are also briefed. Based on those information, the characteristics of cyber security mechanism in US are studied and analyzed from different points of view including cyber security standard, culture construction, risk management, collaboration and information sharing, and effective response to cyber-attacks. In order to sustain the cybersecurity and evolvement of power information security, not only the standard and specification are required to be continuously improved and actively implemented, but also the culture of security, the risk management, the collaboration and information sharing, the effective response to cyber-attacks are needed to be effectively coordinated and managed.