Office of Cybersecurity, Energy Security, and Emergency Response
March 11, 2024
Just two months into 2024, it is abundantly clear that America’s critical infrastructure is facing an unprecedented level of cyber threat. Foreign adversaries are bolder, better equipped, and increasingly willing to test the limits of our security measures in preparation for future attacks. In remarks at the Munich Security Conference in mid-February, FBI Director Christopher Wray said that “the world has become more dangerous than ever.” Just weeks prior, in testimony to the House of Representatives Select Committee on the Chinese Communist Party, he said “China’s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike.”
These words of warning are a serious call to action for everyone responsible for the security of the systems that Americans rely on – from energy to healthcare to transportation – and from the public sector officials who provide oversight to the private sector owners and operators of so much of this infrastructure. Within the energy sector, the DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) applauds the recent release of cybersecurity baselines for electric distribution systems and distributed energy resources (DER). These baselines answer that call to action by pushing the ceiling of cybersecurity performance in the sector.
The National Cybersecurity Strategy, issued in 2023, called for an up-leveling of cybersecurity measures and practices nationwide. The Strategy specifically pointed to the need for greater cybersecurity for electric distribution infrastructure and for DERs. The baselines will be coupled with forthcoming implementation guidance to create an actionable set of resources for state Public Utility Commissions, electric distribution utilities, and DER operators and aggregators. It is just one step toward thwarting the worst intentions of our adversaries, but it’s an important one.
To develop the baselines, the National Association of Regulatory Utility Commissioners (NARUC) convened a Steering Group of regulatory, cyber, and industry experts from across the sector. The development process also included multiple stakeholder review and comment cycles to ensure a wide range of perspectives were considered. The resulting guidance, which is tailored for electric distribution systems and the DERs that connect to them, creates a common starting point for cyber risk reduction activities.
In the coming year, implementation strategies and adoption guidelines will be developed to help drive the voluntary adoption of uniform cybersecurity practices across the country. As we tighten the security of our electric distribution systems and distributed energy resources, we buy down the risk from China, Russia, and other nation states with an interest in sowing chaos via targeted, timely cyber attacks. CESER will continue to support and advance initiatives, like the development of these baselines, that will significantly tip the scales in our favor, leveraging the expertise of our industry and state, local, tribal, and territorial partners in the process.