Over the past week, the Energy Department has unveiled several new measures, including funding, newly-commercialized technology, and practical guidance, that will further strengthen the cybersecurity of the nation’s energy infrastructure. Vice President Biden announced yesterday that the Energy Department will provide a $25 million grant over the next five years to bring together 13 historically black colleges and universities (HBCUs), two national labs, and the Charleston County School District in South Carolina to create a sustainable pipeline of students focused on cybersecurity. Today, our national laboratory in Oak Ridge, Tennessee announced licensing of its Hyperion software, which helps detect software that has been maliciously altered, to a company that expects to make it available to the energy sector later this month. Meanwhile, late last week, the Office of Electricity Delivery and Energy Reliability (OE) released guidance to help the energy sector meet the objectives of the cybersecurity framework released last year by the National Institutes of Standards and Technology in response to Executive Order 13636 “Improving Critical Infrastructure Cybersecurity.”

These important steps are the latest signs of progress being made in protecting the nation’s power grid from cyber threats. Every day, we work closely with industry, our national laboratories, academia and federal and state partners to reduce the risk of energy disruptions due to a cyber incident and, if one does occur, mitigate its effects without loss of critical functions. Since 2010, OE has invested more than $150 million in cybersecurity  research, development and demonstration projects, including Hyperion, that are led by industry, universities and national labs. Since then, 20 new technologies that OE investments helped support are now being used to further advance the resilience of the nation’s energy delivery systems. The energy sector and OE are working in close partnership toward the energy sector’s Roadmap to Achieve Energy Delivery Systems Cybersecurity vision of resilient energy delivery systems designed, installed, operated and maintained to survive a cyber incident while sustaining critical functions.

Helping grid owners and operators know about a potential problem as soon as possible is also vital. We launched our Cybersecurity Risk Information Sharing Program (CRISP) last year with our private sector partners to provide a near real-time capability critical for infrastructure owners and operators to voluntarily share cyber threat data, analyze that data, and receive mitigation measures. Since then, the North American Electric Reliability Corporation (NERC) decided to have its Electricity Sector Information Sharing and Analysis Center (ES-ISAC) manage CRISP for the electricity sector, thereby transitioning the small DOE-funded pilot with five electric sector companies to an industry-managed and funded public-private partnership. NERC’s ES-ISAC currently has eight electricity subsector companies up and running in CRISP, with more scheduled to start later this year.

This is just a snapshot of the broad range of sustained cybersecurity activities that we are moving forward. As the landscape evolves, the Energy Department will continue working with our private and public partners to further strengthen and refine protection of our critical energy infrastructure.

To learn more about the Department’s strategic approach to protecting the nation’s electric grid from all hazards, including the cyber threat, visit the Office of Electricity Delivery and Energy Reliability’s website.

Patricia A. Hoffman
Acting Assistant Secretary, Office of Electricity
more by this author