DOE launches initiative to enhance cybersecurity for electric utilities

Published on April 21, 2021 by Dave Kovaleski

© Shutterstock

The U.S. Department of Energy (DOE) has introduced a new program designed to bolster the cybersecurity of electric utilities’ industrial control systems (ICS).

The initiative is a coordinated effort between DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA) to protect critical systems that are essential to U.S. national and economic security from cyber attacks.

“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” Secretary of Energy Jennifer Granholm said. “It’s up to both government and industry to prevent possible harms – that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”

Specifically, the initiative encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities. It includes concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real-time situational awareness and response capabilities in critical ICS and operational technology networks. Also, it would enhance the cybersecurity posture of critical infrastructure information technology networks.

“The safety and security of the American people depend on the resilience of our nation’s critical infrastructure. This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors,” CISA Director (Acting) Brandon Wales said.

The Edison Electric Institute (EEI) supports this new initiative.

“Given the sophisticated and constantly changing threats posed by adversaries, America’s electric companies remain focused on securing the industrial control systems that operate the North American energy grid. We welcome the new ICS initiative and appreciate that the Biden administration is making cybersecurity for operations a high priority,” EEI President Tom Kuhn said.

Cybersecurity is viewed as the responsibility of both industry and government, and EEI and its member companies coordinate through the CEO-led Electricity Subsector Coordinating Council (ESCC) to prepare for, and respond to, disasters and/or threats to critical infrastructure, he explained.

Kuhn said the initiative is complementary to other ESCC initiatives that are already underway.

“The White House is leading the effort – in close coordination with the private sector and its partners in the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (DOE-CESER) – which demonstrates the power of industry and government working in partnership to protect systems vital to national security,” Kuhn added.

The DOE also has released a new Request for Information (RFI) to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to protect the supply chain in U.S. energy systems. Responses to the RFI are due by June 7.