During this month’s National Cybersecurity Awareness Month, I want to encourage everyone to learn more about how to use the internet safely. The Stop Think Connect Resource Guide, which is part of an initiative led by the Department of Homeland Security (DHS) in cooperation with the National Cyber Security Alliance, is a valuable tool for promoting online safety in our homes, communities, and businesses.

Here at the Department of Energy (DOE), we take protection of the Nation’s critical energy infrastructure very seriously. As I discussed during the Committee on Homeland Security’s hearing on October 3, cyber attacks targeting information technology (IT) systems to cause disruptions and exploit information for private gain are growing increasingly common. The energy sector is not immune to such attacks. Cyber threats are growing in frequency, scale, and sophistication, all while attacks have become easier to launch. Unlike attacks on business IT systems, cyber attacks on energy control systems have the potential to disrupt power or fuel supplies and damage specialized equipment.

The cybersecurity of energy sector operating technology (OT) systems requires specific and focused attention because of their need for extremely high reliability and availability and their critical importance to America’s economic health, public safety, and national security. Every day, the Office of Electricity Delivery and Energy Reliability (OE) is working closely with its industry, federal, and state partners around the clock to protect the grid and oil and natural gas infrastructure from all hazards, including the cyber threat. As our industry partner the Edison Electric Institute noted recently, protecting the grid requires constant attention.

Our cyber strategy is two-fold:  

• Work with our partners to address growing threats and promote continuous improvement to strengthen today’s energy delivery systems, and

• Develop solutions that will allow future energy systems to be inherently secure, resilient, and self-healing.

To do this, we’re prioritizing work in three areas:

• Strengthening cybersecurity preparedness in the energy sector,

• Improving our capabilities to coordinate cyber incident response and recovery, and

• Accelerating innovative research, development, and demonstration of resilient energy delivery systems.

All of our cybersecurity activities align with the vision and goals of the Roadmap to Achieve Energy Delivery Systems Cybersecurity, which was developed by industry and facilitated by the Department: resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.

In such a rapidly-evolving environment, we must continue moving forward quickly and strategically. Just last month, for example, as part of its $50 million investment to improve the resilience and security of the Nation’s critical energy infrastructure, the Department announced the award of over $20 million to DOE’s National Laboratories and partners to support critical early stage research and development of next-generation technologies to strengthen protection of the Nation's electric grid and oil and gas infrastructure from the cyber threat. These technologies are expected to have broad applicability to the U.S. energy delivery sector by meeting the needs of the energy sector in a cost-effective manner with a clear path for acceptance by asset owners and operators. A detailed list of the 20 cybersecurity projects selected for awards is available HERE. Since 2010, DOE has invested more than $270 million in cybersecurity research, development, and demonstration projects that are led by industry, universities, and DOE’s National Laboratories.

Stay tuned in the coming weeks as we share more updates on our cybersecurity work and the impact of this vitally-important work. Also this month, DOE’s Office of Chief Information Officer is marking National Cybersecurity Awareness Month with a series of events and tips for DOE employees. For more information about National Cybersecurity Awareness Month, visit the DHS website. Cybersecurity is a shared responsibility, and we all have an impact.  

To learn more about the Department’s strategic and comprehensive approach to cybersecurity for the grid and oil and natural gas infrastructure, visit the cybersecurity section of OE’s website.