Cyber threats to our nation’s energy systems are rising. Recent cyber incidents, like the Colonial Pipeline attack, have demonstrated the power of malicious actors to shut down our nation’s critical energy infrastructure and disrupt our energy supplies, economy, and everyday lives. For the Department of Energy (DOE), the resiliency and security of America’s energy infrastructure is a top priority.
In April, the White House, in partnership with DOE, the Department of Homeland Security (DHS), and the electricity industry, launched the Electricity Subsector Industrial Control Systems (ICS) Cybersecurity Initiative, a 100-day plan to improve the cybersecurity of the nation’s electric infrastructure.
And the Administration has already taken immediate action to protect and defend our critical infrastructure, issuing an Executive Order in May to strengthen supply chains by addressing the cyber vulnerabilities associated with globally sourced technologies.
DOE’s Cybersecurity, Energy Security, and Emergency Response (CESER) office is leading the way in supply chain security, exploring options to strengthen domestic manufacturing of critical components like large power transformers and accelerating technologies to rapidly identify and respond to cyber threats.
In support of the 100-day plan, DOE just announced an update to our Cybersecurity Capability Maturity Model (C2M2), a tool that helps industries assess and improve the cybersecurity of their energy systems. CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program continues to strengthen the supply chain cybersecurity of critical energy equipment through partnerships with some of the largest industrial control systems manufacturers in the world.
As the Colonial Pipeline incident demonstrated, when cyber incidents happen, we already have adequate preparation systems in place. DOE successfully coordinated a whole-of-government response to help move fuel supplies to the impacted areas and support the company as it resumed operations. Comprehensive preparation for cyber incidents are an ongoing focus area and we conduct frequent exercises with our government and industry partners and work with state, local, tribal, territorial energy officials to ensure they have the knowledge and training they need to prepare for cyber and physical incidents.
DOE is also making sure that security by design is built into all research and development from our national labs and across the department to create the clean, modern electricity grid of the future — and CESER is leading the way.
Finally, it’s critical that we empower today’s energy workforce with the skills they need to defend and protect the security of our energy systems. Through initiatives like DOE’s recently expanded cybersecurity workforce development program, CyberForce, we’re doing just that.
As risk management agency for the energy sector, DOE works closely with our government and energy industry partners to protect and secure our critical energy infrastructure from all threats — from cyber attacks to extreme weather events. With the recent announcement of Puesh Kumar, a recognized expert in the energy and cybersecurity sectors, as the leader of CESER, we have strengthened our national security mission.
DOE is committed to ensuring all Americans have access to clean, reliable energy and to ensuring that, as we build our energy systems back better and cleaner, they remain resilient and secure.