The U.S. Department of Energy's 2024 Cybersecurity Strategy
Understanding cybersecurity risks to the DOE enterprise by identifying threats, critical systems and their interdependencies and vulnerabilities, and estimating the likelihood and potential impact of cybersecurity incidents. Sound understanding of the overarching risk is required to effectively allocate resources, prioritize efforts, and develop an effective mitigation strategy.
Mitigating cybersecurity risks by applying zero trust cybersecurity principles and enhancing vulnerability management. Such protective efforts seek to reduce organizational and systemic risk of unintentional or malicious cyber activities and empower leadership to make informed risk-based decisions, improving the Department’s overall cybersecurity posture.
Enabling mission resilience through enhanced governance and collaborative activities to make the Department’s overall ecosystem more defensible. Aligning internal and external cybersecurity efforts will drive innovations that will help shift the advantage away from malicious actors toward those defending our systems and network.
Developing the workforce by improving cybersecurity awareness and capability. To protect networks and critical infrastructure, the Department must be armed with the right resources, people, and tools, including building and cultivating the workforce to effectively defend, deter, and protect our critical assets from threats.
Protecting critical energy infrastructure by ensuring cyber resilience for assets, systems, and networks that provide functions necessary for execution of the broad DOE mission. This includes partnering with key stakeholders, such as other sector-specific agencies and 7 the private sector, to drive improved cybersecurity by promoting the development and adoption of best practices.
Cybersecurity Research, Development, and Demonstration for Energy Systems
The U.S. Department of Energy is focused on reducing the risk of energy disruptions due to cyber events by bringing to bear the best ideas of the Federal government, the National Laboratories, private partners across the energy sector, academia, and state and local governments. Through the research, development, and demonstration (RD&D) cycle, these game-changing projects aim to enhance the speed and effectiveness of threat and vulnerability information sharing, accelerate the mitigation of cyber incidents in today’s systems, and enhance resilience while reducing risk in a quantifiable manner.
DOE moves innovative research to industry-ready solutions using a strategic mix of RD&D that focuses on both shorter-term RD&D with a high probability of rapid market readiness and game-changing RD&D that supports next-generation cyber system designs. These products are commercialized, released as guidance or open-source software, or adopted into ongoing research to develop new capabilities that help the energy sector achieve its vision of energy delivery systems that can prevent or withstand a cyberattack.
Cybersecurity RD&D Funding Opportunities
When RD&D funding opportunities become available, an application can be found at the National Energy Technology Laboratory’s Solicitations and Funding Opportunities webpage.