WASHINGTON, D.C. – Today, the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) announced a $3 million inter-agency agreement with the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) to research and develop tools and practices that will strengthen the cybersecurity of the Nation's energy sector and maritime transportation system.
"Approximately forty percent of all maritime traffic is transporting an energy product, making U.S. energy security inland a linked partner with the maritime market. Recent cyber attacks on the maritime space show that enhancing cybersecurity at our port facility complexes and in our offshore industries is critical to our mission of securing America’s energy infrastructure," said Sean Plankey, Principal Deputy Assistant Secretary for CESER. "We’re eager to use the expertise across our federal network to empower U.S. energy-related organizations to evaluate and improve their cybersecurity posture."
Over a two-year period, NIST will work with CESER to strengthen and update the Cybersecurity Capability Maturity Model (C2M2) consistent with NIST’s CSF and extended from the energy sector to the maritime domain. Concurrently, NIST’s National Cybersecurity Center of Excellence (NCCoE) and CESER will develop a maritime transportation system NIST Cybersecurity Framework (CSF) Profile and supporting implementation guide. Created in 2012, the C2M2 is used by energy sector organizations to assess and improve cybersecurity capabilities. The C2M2 has been leveraged by hundreds of companies across critical infrastructure sectors in the U.S. and around the world. NIST will support DOE in its collaboration with energy sector cyber practitioners to update the C2M2 and ensure that the model addresses today’s evolving threat landscape and emerging security trends.
"This project reflects the Department’s commitment to collaboration with public and private partners to enhance U.S. energy infrastructure security and address the emerging needs of energy companies across the nation," Plankey noted.
Learn more about the Office of Cybersecurity, Energy Security, and Emergency Response and its programs.