Passed on November 15, 2021, the Bipartisan Infrastructure Law (BIL) provides a strategic opportunity to upgrade the nation’s energy infrastructure for a clean, resilient, secure energy future. 

The Department has a strategic opportunity to address the threats of increasing cyber-attacks and climate change-related incidents. U.S. energy systems are facing an unprecedented and evolving threat landscape. Incidents like Winter Storm Uri and Hurricane Ida in 2021, increasingly severe wildfires this year, and the continued threat of cyber-attacks on our energy systems by the nation’s adversaries. All of these demonstrate how each can disrupt our energy supplies, economy, and everyday lives.

Of the $62 billion provided in the law, Congress has provided DOE $27 billion to upgrade and modernize our electrical grid to make it more resilient to extreme weather and resistant to cyber-attacks, helping CESER advance its energy security mission. CESER is the lead office on several provisions, while also consulting on numerous other cyber and energy security-related provisions across the Department. 

CESER-led BIL Provisions

The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is supporting states and territories in the development and strengthening of their State Energy Security Plans (SESP). CESER’s technical assistance and guidance for states is designed to help them fully address the Congressional required elements in BIL Section 40108 before the provision sunsets on October 31, 2025.

All 56 U.S. states and territories must submit a revised plan to DOE by September 30, 2023. CESER will manage the review of submitted SESPs in 2023 and 2024 and continue to evolve technical assistance offerings to meet state needs.

CESER is developing a Report on Cybersecurity of Distribution Systems to assess priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems.

The voluntary Energy Cyber Sense program will test the cybersecurity of energy products and technologies, including bulk-power systems.

DOE’s Rural and Municipal Utility Advanced Cybersecurity (RMUC) Grant and Technical Assistance program will provide support to improve the cybersecurity posture of eligible utilities and increase their participation in threat information sharing programs.

Learn more about the program.

This program will enable participants to develop advanced cybersecurity applications and technologies for the energy sector through a number of activities including research, development, and demonstration (RD&D) funding, workforce development curricula, develop improved supply chain concepts for secure design, and more.

DOE Announces $30 Million Funding for Next Generation Cybersecurity Tools to Protect Clean Energy Infrastructure

DOE Announces $39 Million in Research Funding to Enhance Cybersecurity of Clean Distributed Energy Resources | Department of Energy

The Energy Threat Analysis Center (ETAC) pilot is a public-private partnership that convenes experts from the federal government and the U.S. energy sector, joining analytic capabilities from the national laboratories with real-world threat insights to secure critical infrastructure and support the nation’s response to energy system threats.

Learn more about the program.

In collaboration with the Office of Electricity and the Office of Grid Deployment, CESER will perform certain modeling and assessment of electric systems that will guide investments in research, development, demonstration, and deployment, and will inform CESER and other DOE offices of opportunities to improve the security and resilience of these electric systems.

Section 40216 of the Infrastructure Investment and Jobs Act (IIJA) provides a framework for ensuring that the Department of Energy’s (DOE) investments in energy sector research and infrastructure are secure and resilient from cybersecurity threats, requiring all relevant IIJA-provisions to have cybersecurity plans.

In March 2023, the Secretary of Energy directed DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to lead cybersecurity plan coordination across DOE program offices managing provisions. Program offices implementing IIJA provisions are required to follow the CESER-led process for integrating cybersecurity planning and lifecycle management. CESER is overseeing Section 40126 implementation and has created cybersecurity plan templates that will guide funding recipients to structure a plan that meets their unique levels of risk.

Click on the links below to download the templates:

Go here to access the “Procedure for the Secure Transmittal of Cybersecurity Plans".