Below are the CESER-led BIL provisions.
The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is supporting states and territories in the development and strengthening of their State Energy Security Plans (SESP). CESER’s technical assistance and guidance for states is designed to help them fully address the Congressional required elements in BIL Section 40108 before the provision sunsets on October 31, 2025.
All 56 U.S. states and territories must submit a revised plan to DOE by September 30, 2023. CESER will manage the review of submitted SESPs in 2023 and 2024 and continue to evolve technical assistance offerings to meet state needs.
CESER is developing a Report on Cybersecurity of Distribution Systems to assess priorities, policies, procedures, and actions for enhancing the physical security and cybersecurity of electricity distribution systems.
The voluntary Energy Cyber Sense program will test the cybersecurity of energy products and technologies, including bulk-power systems.
DOE’s Rural and Municipal Utility Advanced Cybersecurity (RMUC) Grant and Technical Assistance program will provide support to improve the cybersecurity posture of eligible utilities and increase their participation in threat information sharing programs.
This program will enable participants to develop advanced cybersecurity applications and technologies for the energy sector through a number of activities including research, development, and demonstration (RD&D) funding, workforce development curricula, develop improved supply chain concepts for secure design, and more.
The Energy Threat Analysis Center (ETAC) pilot is a public-private partnership that convenes experts from the federal government and the U.S. energy sector, joining analytic capabilities from the national laboratories with real-world threat insights to secure critical infrastructure and support the nation’s response to energy system threats.
In collaboration with the Office of Electricity and the Office of Grid Deployment, CESER will perform certain modeling and assessment of electric systems that will guide investments in research, development, demonstration, and deployment, and will inform CESER and other DOE offices of opportunities to improve the security and resilience of these electric systems.
Section 40216 of the Infrastructure Investment and Jobs Act (IIJA) provides a framework for ensuring that the Department of Energy’s (DOE) investments in energy sector research and infrastructure are secure and resilient from cybersecurity threats, requiring all relevant IIJA-provisions to have cybersecurity plans.
In March 2023, the Secretary of Energy directed DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to lead cybersecurity plan coordination across DOE program offices managing provisions. Program offices implementing IIJA provisions are required to follow the CESER-led process for integrating cybersecurity planning and lifecycle management. CESER is overseeing Section 40126 implementation and has created cybersecurity plan templates that will guide funding recipients to structure a plan that meets their unique levels of risk.
Click on the links below to download the templates:
- High Risk Cybersecurity Plan Template (doc)
- Medium Risk Cybersecurity Plan Template (doc)
- Low Risk Cybersecurity Plan Template (doc)
Go here to access the “Procedure for the Secure Transmittal of Cybersecurity Plans".