The U.S. Department of Energy's 2024 Cybersecurity Strategy

Understanding cybersecurity risks to the DOE enterprise by identifying threats, critical systems and their interdependencies and vulnerabilities, and estimating the likelihood and potential impact of cybersecurity incidents. Sound understanding of the overarching risk is required to effectively allocate resources, prioritize efforts, and develop an effective mitigation strategy.

Mitigating cybersecurity risks by applying zero trust cybersecurity principles and enhancing vulnerability management. Such protective efforts seek to reduce organizational and systemic risk of unintentional or malicious cyber activities and empower leadership to make informed risk-based decisions, improving the Department’s overall cybersecurity posture.

Enabling mission resilience through enhanced governance and collaborative activities to make the Department’s overall ecosystem more defensible. Aligning internal and external cybersecurity efforts will drive innovations that will help shift the advantage away from malicious actors toward those defending our systems and network.

Developing the workforce by improving cybersecurity awareness and capability. To protect networks and critical infrastructure, the Department must be armed with the right resources, people, and tools, including building and cultivating the workforce to effectively defend, deter, and protect our critical assets from threats.

Protecting critical energy infrastructure by ensuring cyber resilience for assets, systems, and networks that provide functions necessary for execution of the broad DOE mission. This includes partnering with key stakeholders, such as other sector-specific agencies and the private sector, to drive improved cybersecurity by promoting the development and adoption of best practices.
Cybersecurity Research, Development, and Demonstration for Energy Systems
The U.S. Department of Energy (DOE) is dedicated to reducing cyber-related energy disruptions by collaborating with federal agencies, National Laboratories, private partners, academia, and state/local governments. Through research, development, and demonstration (RD&D) projects, DOE aims to improve threat information sharing, accelerate incident mitigation, and enhance resilience against cyberattacks. DOE strategically utilizes RD&D to develop both short-term, market-ready solutions and long-term, game-changing cyber system designs. These innovations are then commercialized, released as guidance or open-source software, or integrated into ongoing research to help the energy sector build cyberattack-resistant energy delivery systems.
Cybersecurity RD&D Funding Opportunities
When RD&D funding opportunities become available, an application can be found at the National Energy Technology Laboratory’s Solicitations and Funding Opportunities webpage.