CESER is the Department of Energy’s lead for energy sector exercises.
Exercises are critical to planning a coordinated response to emergencies. The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) prepares for all hazards that could affect energy delivery alongside federal, state, and local government entities, partners from the oil and natural gas and the electricity subsectors, and representatives from other critical infrastructure sectors. By conducting senior-level policy discussions and operationally focused tactical preparedness exercises, CESER is preparing the nation to effectively mitigate any threat to reliable energy that may come – cyber or physical, natural or manmade. Presidential Policy Directive 8, which directs the National Preparedness Goal, underpins the whole-of-community approach behind CESER’s exercises.
After each exercise, CESER undergoes improvement planning based on exercises feedback and results. Once validated, the improved actions are integrated into CESER’s emergency response plans and procedures as well as into future exercises. Exercise results are shared with participants through After-Action Reports, providing participants in CESER-sponsored exercises agreed-upon ways in which they can augment their own preparedness plans. These recommendations often include ways in which participants can better utilize mutual assistance networks and government resources should an incident affect their energy infrastructure.
CESER hosts several annual exercise series. It also sponsors, supports, and participates in industry-led exercises, as well as exercises hosted by associations representing state emergency response organizations. Key reoccurring trainings and exercises include:
Clear Path is CESER’s annual cornerstone all-hazards energy security and resilience exercise series.
The Clear Path series is the principal forum for enhancing the energy sector’s ability to work together in response to catastrophic incidents. The series examines the energy sector’s response and restoration roles, responsibilities, and plans and procedures following a major incident, stressing interdependencies between multiple critical infrastructure sectors. Each year, Clear Path presents response officials from a diverse array of challenging exercise scenarios, allowing them to build upon and validate improvements made in response to lessons learned from previous exercises and real-world incidents. CESER strives to ensure that each new edition of Clear Path presents an increasingly realistic and challenging experience for all participants.
The continued success of Clear Path is predicated on the resolute support and involvement from federal, state, and local municipality government partners, cross-sector entities, and private sector organizations. Since 2013, CESER has engaged over 1,600 energy sector and cross-infrastructure sector partners.
Liberty Eclipse is the Department of Energy’s cybersecurity-focused exercise series.
In previous iterations, participants engaged in hands-on full-scale operations-based exercise on replicated substation equipment from the Defense Advanced Research Project Agency’s (DARPA) Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program. DARPA’s cyber and physical incident responders, which include several utility participants, deploy to these substations for hands-on cyber response actions with operational substation hardware and software common in energy sector. The exercise improves interagency reporting, information sharing, technical assistance, and the energy sector’s ability to address the particular attributes of cyberattacks. Each iteration of the series builds upon lessons learned from previous cybersecurity exercises impacting the energy sector.
Liberty Eclipse advances the federal government’s goal to strengthen overall cyber preparedness within and between the energy sector’s public and private partners.
CyberStrike is CESER’s professional cybersecurity training for operational technology environments.
Since its creation in 2016, CyberStrike has educated more than 1,500 individuals both domestically and internationally. The program offers continuing education credit for participants, modules with scenarios specific to both the electric and the oil and natural gas subsectors, and an instructor cadre comprised of the leading voices on operational technology cybersecurity for energy systems.
The hands-on training opportunities CyberStrike offers is helping the existing cybersecurity workforce to understand how adversaries conduct cyber campaigns against industrial control systems used in the energy sector and the skills needed to counteract these threats.
Interagency and International Exercises
To maintain the ability of the federal government to respond cohesively to national security threats, CESER also participates in exercises sponsored by DOE’s fellow federal agencies. Because of the enabling aspect of energy to other critical infrastructure sectors, CESER, on behalf of DOE as the sector-specific agency (SSA) for the energy sector, regularly meets with other sector-specific agencies to examine the interdependencies among critical infrastructure sectors to plan for contingencies, should one or many of these sectors be adversely affected by an incident.
CESER also collaborates on exercises with the nation’s G7 allies, sharing lessons learned through domestic preparedness exercises and real-world response experience to strengthen the readiness of our international partners. These exercises also help the United States and its allies to identify areas where international support can be beneficial in responding to an incident with effects that cascade across borders.