After the President released the National Cyber Strategy in 2017, Energy Secretary Brouillette clearly stated, “Advancing cybersecurity is a core priority for the Department of Energy.” Advancing cybersecurity is a top national priority, as well as a shared responsibility of the public and private sectors to protect energy systems against cyber-attacks and cyber espionage. History clearly demonstrates that no single entity can meet this challenge alone. October is National Cybersecurity Awareness Month, now in its 17th year, to build attention to the importance of this work.
The modern world is a connected world, digitized through networks across our information technology and operational technology. These advancements are revolutionizing our way of work and life. Just think, ten years ago video conferencing was introduced to cellphones through the use of Apple FaceTime. Now, we are much more likely to video conference than audio conference in our work and personal lives. We live in a time when cyberspace is as prevalent as physical space. Our energy sector is no longer isolated physical systems. There is no more ‘air gap” between energy networks and cyberspace. Our adversaries are aware of these advances in digitization as well. The Director of National Intelligence made clear our adversaries maintain the ability to disrupt our energy systems for up to two weeks. In fact, our adversaries are attacking energy systems around the world to benefit their economic and geopolitical positions.
This is why DOE is committed to working with the private sector to increase cyber security and resiliency in the prevention of cyber-attacks. In 2018, Secretary Brouillette signed and endorsed the Cybersecurity Strategy of 2018-2020, a strategy that outlines the vision to secure the Department of Energy. The strategy is two-fold: strengthen the Department’s cyber systems and risk management capabilities and develop innovative solutions for inherently secure and resilient systems for tomorrow.
To elevate and coordinate cybersecurity and resilience efforts across the sector, DOE also established the Office of Cybersecurity, Energy Security, and Emergency Response. Focusing on securing the Nation’s energy infrastructure, the Office enables more strategic and prioritized preparation for and response to natural and man-made hazards.
Our energy sector goals in cybersecurity are achieved through enhancing sharing of data and intelligence, deepening partnership and transparency with industry stakeholders, collaborating with all levels of government to generate a unity of effort and implement best practices, prioritizing investments, and leveraging the unique expertise of DOE’s National Laboratories to develop new cybersecurity capabilities.
In a significant move to advance the security of the energy supply chain, in March of this year, President Trump signed an Executive Order securing the United States Bulk Power System (BPS). The BPS is the backbone of our Nation’s electric power grid and a vital component to the Nation’s energy security, national defense, emergency services, critical infrastructure, and the economy. The Order is a top priority effort for multiple offices within the Department, and led the Department to endorse incentives to support cybersecurity investments by industry through regulatory relief as well as invest in Cyber Testing for Resilient Industrial Control Systems (CyTRICS), a program with industry to build a cyber vulnerability identification and disclosure framework.
The President recognizes the significant cybersecurity workforce shortage, signing the Cybersecurity Workforce Executive Order to provide focus and opportunity to grow skilled cybersecurity professionals. DOE is committed to training and inspiring the next generation of energy sector cybersecurity professionals. Specifically focusing on the operational technology environment, CESER created the Operational Technology Defender Fellowship. This year-long fellowship will introduce front line industry engineers to the National Security Community and provide an engaging opportunity for these engineers to learn about cyber threats to critical energy infrastructure. Additionally, this November DOE will virtually host the Department’s sixth collegiate-level CyberForce Competition™ where participants will defend cyber systems of simulated critical infrastructure against threats modeled after those faced by the energy sector today. STEM education and workforce training events like the CyberForce Competition™ are critical to preparing the workforce we need to take on tomorrow’s cybersecurity challenges. You can find more resources on our STEM Rising website, www.energy.gov/STEMRising.
As a nation, we must remain vigilant, prepared, and equipped to prevent and deter any attack on our energy resources. As a Department, we are extremely grateful for those in the energy sector who work hard to keep our energy systems safe and protected from adversarial threats wishing to disrupt and harm the American way of life.
Please Join us in celebrating National Cybersecurity Awareness Month by visiting the Department’s resources highlighted above, visiting the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency resources here, and visiting the White House’s National Cybersecurity Awareness Month announcement here.