Office of Electricity

Working with Partners to Prepare for and Respond to the Cyber Threat

October 20, 2017

You are here

With new stories about cyber threats frequently making headlines, cybersecurity has never been as present in the minds of Americans as it is today. Fortunately, the U.S. energy sector has been working to prepare for and respond to the cybersecurity threat for years to ensure a secure and reliable energy system across the Nation.

The U.S. energy system, including the North American electric grid and our vast network of oil and natural gas pipelines, is some of the most critical infrastructure in the Nation and a key component of our economy. These assets and the overall energy system across the country are designed to be resilient to all hazards, from natural disasters to physical and cyber threats. This resiliency can be attributed to several key factors, including redundancies engineered into the system, sophisticated hardware, software, and other security services utilized by the sector, and critical partnerships between industry and government.

With the cyber threat to the energy sector rapidly evolving, it is becoming more and more important for industry and government to continue to work together closely to understand and mitigate the risk from the cyber threat. To help reduce this risk, DOE works in partnership with companies across the energy sector through organizations such as the Electricity Subsector Coordinating Council (ESCC) and the Oil and Natural Gas Subsector Coordinating Council (ONG SCC). These coordinating councils engage at all levels, from executive leadership to operational personnel, working to help reduce the risks to our critical energy infrastructure through information sharing on threats, development of advanced tools and technologies, incident response planning, and cross-sector coordination. Further, these robust partnerships occur at the senior-most levels of both industry and government.

To further strengthen energy sector preparedness, DOE continues to focus on sharing actionable threat information to the sector, developing risk management tools such as the Cybersecurity Capability Maturity Model (C2M2) to help utilities and companies understand their cybersecurity posture and opportunities for continuous improvement, and working to train owners and operators on emerging cyber threats to operational technologies such as supervisory control and data acquisition systems.

DOE also recognizes that we must not only protect, prevent, and mitigate cybersecurity risks, but also lead robust response and recovery efforts if an incident occurs. DOE has developed plans and playbooks and conducted and participated in cybersecurity exercises such as Liberty Eclipse and GridEx, in coordination with industry and interagency partners, including the Department of Homeland Security, Federal Bureau of Investigation, and the Office of the Director of National Intelligence. These exercises not only help DOE and the industry test and improve plans, but also provide insights for future research and development needs.

Given the complex and interconnected nature of our Nation’s energy system, facing today’s threat landscape requires a truly coordinated approach across industry and government. DOE will continue to work closely with its partners to address growing and every changing threats, promote continuous improvement to strengthen today’s energy systems, and develop innovative solutions that will allow future energy systems to be inherently secure, resilient, and self-healing.

To learn more about the Department’s strategic and comprehensive approach to cybersecurity for the grid and oil and natural gas infrastructure, visit the cybersecurity section of OE’s website.

Panelists at October 2017 cyber event at NRECA
Cynthia Hsu of NRECA, Puesh Kumar of DOE, and Chris Butera of DHS discuss cybersecurity during the recent “Insights on Cybersecurity for Electric Utilities” Forum held at NRECA | Photo courtesy of Dennis Gainer of NRECA