The Energy Sector Security Consortium, Inc. (EnergySec) is a United States 501(c)(3) non-profit organization formed to support organizations within the energy sector in securing their critical technology infrastructures. We support collaborative programs and projects that improve the cyber security posture of these organizations.
EnergySec is a community of information security, physical security, audit, disaster recovery and business continuity professionals from energy industry utilities. Participation is international, including all regions throughout North America, South America, Europe, Asia and Australia. EnergySec operates many programs, events and technology solutions designed to help improve the security posture of the energy sector.
The foundation of EnergySec was established over a decade ago as relationships formed between a group of information security, physical security, disaster recovery and business continuity professionals from energy organizations in the Pacific Northwest. Initially, a small group met for lunch to discuss the security challenges they were all facing. The idea was simple, share common security practices for the purpose of learning from each other. As news spread about the lunch meetings, more people wanted to join and it quickly outgrew the informal setting. EnergySec Northwest, better known as E-Sec NW, was formed in early 2004. An online forum and quarterly meetings were established to give security professionals more time together and better ways to share information with each other.
In 2005, E-Sec NW hosted its first annual summit. The two-day event was a success from the beginning. There was no other meeting of its kind being held at the time. The summit promoted open and honest dialog, creative ideas, and collaborative solutions designed to benefit as many as possible. The summit especially appealed to the “boots on the ground” security practitioners who, prior to this time, had found themselves isolated at their respective organizations.
Over the next several years, E-SEC NW built anindependentand trusted model for sharing information about security in the energy sector. It grew organically through word-of-mouth like many grass roots organizations. Along the way, ESEC-NW was receiving broad praise for the quality of its programs. It was nationally recognized by the SANS Institute, who bestowed the prestigious National Cyber Security Leadership award on the organization in 2007. This award honors persons who significantly improve the effectiveness of the nation's cyber security. It is the most prestigious of all SANS cyber security awards because it recognizes transformational changes that have a sweeping impact on a range of public and private sector entities.
As interest continued to grow across North America the “northwest” was dropped from the name to embrace the burgeoning role as a national information sharing organization for the energy sector. Attendance at the annual summit continued to grow every year and new relationships developed with product and service vendors, government agencies and academic institutions. EnergySec formed a corporation in 2008 and received its non-profit 501(c)(3) designation in 2009.
EnergySec was uniquely positioned to answer the call when the U.S. Department of Energy announced a funding opportunity in early 2010 to build the National Electric Sector Cybersecurity Organization (NESCO). NESCO was meant to be a public-private partnership focused on security related information sharing in the electric sector. EnergySec was awarded partial funding over three years and work began in earnest in October of 2010.
Today, EnergySec is well over 1,000 members with over 377 organizations participating in EnergySec programs. The development of the NESCO virtual information sharing organization remains a key focus of EnergySec as it continues to develop programs and other efforts to meet the needs of energy sector into the future.