The Government Accountability Office‘s report, published July 17, said electric power systems and networks are incorporating information technology systems, exposing grids to cyber vulnerabilities.
GAO found that there is no existing coordination between industry compliance and voluntary standards and current regulations do not ensure the security of smart grid systems.
Industry also focuses too much on regulatory compliance rather than comprehensive security, auditors wrote.
GAO also added industry does not have an effective mechanism for cybersecurity information sharing, as well as not having metrics to evaluate cybersecurity performance.
A previous GAO report recommended the industry develop an approach to monitor compliance with voluntary standards but this suggestion has yet to be implemented, according to the new report.