Maintaining a secure energy grid is a nationwide effort, but in the event of an emergency it’s important that the role each federal office plays can be easily understood. The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) plays a critical role in maintaining situational awareness, discovering and mitigating cyber threats, and orchestrating response and recovery operations. CESER’s responsibilities are established through various authority statements passed down by both the executive branch and the DOE. Explore the authorities granted to CESER and how these authorities drive CESER’s various activities.

Presidential Policy Directives

Presidential Policy Directive 8
PPD 8, National Preparedness, strengthens the security and resilience of the U.S. through systematic preparation for high-risk threats.
Presidential Policy Directive 21
PPD 21 unifies the national effort to strengthen and maintain critical infrastructure and grants CESER its authority in these objectives.
Presidential Policy Directive 41
Presidential Policy Directive 41 outlines the DOE as the Sector-Specific Agency responsible for securing critical energy infrastructure.

Executive Orders

Improving Critical Infrastructure Cybersecurity (EO 13636)
EO 13636, Improving Critical Infrastructure Cybersecurity, directs NIST to develop a framework to reduce cyber risks to critical infrastructure.
Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (EO 13800)
This EO directs an examination of how federal authorities and capabilities can be better used to support cybersecurity risk management efforts.
America’s Cybersecurity Workforce (EO 13870)
The Cybersecurity Workforce EO asserts the importance of cultivating a strong and diverse cyber workforce.
Securing the Information and Communications Technology and Services Supply Chain (EO 13873)
The U.S. Department of Energy works to ensure that the acquisition of Energy Sector infrastructure assets is done safely and securely.
Coordinating National Resilience to Electromagnetic Pulses (EO 13865)
This Executive Order reinforces DOE’s roles in leading grid-specific efforts and collaborating with its partners to improve overall EMP resilience.
Securing the United States Bulk-Power System (EO 13920)
The U.S. Department of Energy works to ensure that the acquisition of bulk-power assets is done safely and securely.

Legislative Authorities

Energy Independence and Security Act of 2007
This bill establishes policy for grid modernization to maintain a reliable and secure electricity infrastructure to meet future demand growth.
Energy Security provision within the Fixing America’s Surface Transportation Act (FAST Act)
The FAST Act codifies the DOE’s role as the Energy Sector Specific Agency (SSA) for cybersecurity.
National Defense Authorization Act for Fiscal Year 2020 (NDAA)
The NDAA establishes a two-year pilot program within the National Laboratories to identify new classes of energy sector security vulnerabilities.

Agency Rules, Frameworks, and Strategies

National Response Framework
The National Response Framework outlines the delivery of energy (power and fuel) as an essential community lifeline for which U.S. DOE is responsible.
Emergency Support Function #12
Emergency Support Function #12 grants CESER the authority to coordinate and respond in emergency situations.
National Cybersecurity Strategy
The National Cybersecurity Strategy outlines the U.S. Department of Energy’s role in defending the national energy infrastructure.
National Infrastructure Protection Plan
This plan provides a risk management framework for collaboration when protecting critical infrastructure and resources.
Grid Security Emergency Final Rule, 10 CFR Part 205
This rule helps establish how the department responds to a grid security emergency.