As we dive deeper into a digital age, the U.S. is reaching a critical action point: we must prioritize cybersecurity so that all Americans can safely benefit from new and evolving technologies.
Office of Cybersecurity, Energy Security, and Emergency Response
October 26, 2023
minute read time
As we dive deeper into a digital age, the U.S. is reaching a critical action point: we must prioritize cybersecurity so that all Americans can safely benefit from new and evolving technologies. We must ensure the clean energy future has cybersecurity and resilience built in. There’s no better time to reaffirm these priorities than during Cybersecurity Awareness Month.
To set a clear direction on these goals, the Biden-Harris Administration released the National Cybersecurity Strategy (NCS) in March 2023 to establish strategic objectives to advance cybersecurity across all missions, stakeholders, and sectors. In short, the NCS calls for a defensible and resilient digital ecosystem to protect our national security, public safety, and economic prosperity.
This is a significant undertaking. Industry, communities, federal and State, local, Tribal, and territorial partners share the responsibility of creating a more secure cyberspace to keep our nation safe from ever-changing risks. In July 2023, the Biden-Harris Administration released the National Cybersecurity Strategy Implementation Plan (NCSIP) to coordinate efforts with all relevant stakeholders across dozens of Federal initiatives that work towards implementing the Strategy’s vision.
The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) plays an important role in implementing the NCS, ultimately enabling the protection of critical energy infrastructure, increasing our collective security, and bolstering our systemic resilience. Additionally, as the Sector Risk Management Agency (SRMA) for energy, DOE maintains the day-to-day support of the private sector and has the sector-specific expertise to develop and implement the tools and technologies to help the sector mitigate risk.
The DOE is one of many Federal agencies called upon to support the NCS and NCSIP, which collectively highlight many cybersecurity initiatives taking place within the Federal government. Many of these programs and activities are led by CESER. These are described below, along with links to additional information.
A Strong, Robust Cybersecurity Workforce
The shortage of cybersecurity professionals across all sectors is well documented. In the energy sector, the shortage of individuals possessing both cybersecurity and sector-specific training is even more pronounced. Directed by Congress and developed by a public-private partnership, the National Cyber-Informed Engineering (CIE) Strategy offers a coordinated approach to addressing the acute shortage of control system engineers with cybersecurity knowledge and training. CIE is called out in both the NCS and NCSIP as well as the National Cyber Workforce and Education Strategy that was released by the Biden-Harris Administration in July 2023. The National CIE Strategy aims to help control systems engineers incorporate more cybersecurity principles into digitally connected systems and offers approaches to advance security-by-design for operational technology and control systems. By employing CIE, engineers can prevent cyberattacks at the earliest possible phase of system design.
CESER is continuing to fund programs to advance the implementation of the National CIE Strategy, in partnership with DOE National Laboratories and key R-1 universities, to develop curricula to help train engineers to design cybersecurity into control systems and operational technology. Most recently, CESER supported publication of the CIE Implementation Guide, which provides details on how engineers can incorporate cybersecurity into each phase of the Systems Engineering Lifecycle. This Implementation Guide and other resources will continue to advance the application of cybersecurity to engineering functions, ultimately increasing the cybersecurity and resilience of critical infrastructure and fulfilling the strategic objectives of the NCS, NCSIP, and the National Cyber Workforce and Education Strategy.
A Secure Clean Energy Transition
As the nation moves to decarbonize the grid, CESER is taking a leading role in ensuring that the introduction of distributed energy resources, accelerated by funding from President Biden’s Bipartisan Infrastructure Law (BIL) and Inflation Reduction Act, is undertaken with cybersecurity and resilience in mind. In Strategic Objective 4.4, the NCS highlights key investments, such as the funding in the BIL to construct an interoperable national network of electric vehicle (EV) charging infrastructure, as critical to accelerating the electrification of the U.S. vehicle fleet. CESER, in partnership with DOE’s Office of Energy Efficiency and Renewable Energy and the BIL-created Joint Office of Energy and Transportation, is funding projects at the DOE National Labs and with other partners to support the cybersecurity of this new critical infrastructure. A key example is the just-completed National Institute of Standards and Technology Interagency Report (NIST IR 8473), which presents a cybersecurity framework profile for EV extreme fast charging infrastructure. This foundational technical guideline is the first of several technical security standards being coordinated and funded by CESER that will enable the construction of secure and interoperable EV charging infrastructure in support of the strategic objectives outlined in the NCS, national investments, and national policy goals.
A New Opportunity to Partner and Engage
As we undergo a transformational change to a clean electric grid, ensuring that our energy sector is hardened against ever-evolving cyberattacks is essential. To bring together thought leaders in both cybersecurity and clean energy, CESER is teaming up with DOE’s Grid Modernization Initiative to launch a new event - the Energy Transition Summit: Grid Modernization Initiative and Clean Energy Cybersecurity. The conference, scheduled for February 2024, will highlight DOE-led efforts that are modernizing and securing the grid of the future. This three-day event will convene the clean energy community of interest – including government, industry, research organizations, and local communities – and enable them to build coordinated roadmaps for an electrical grid that is secure, reliable, resilient, equitable, sustainable, and affordable. Registration information will be available soon.
A Secure Energy Supply Chain
Directed in President Biden’s Bipartisan Infrastructure Law and referenced in the NCS, CESER’s Energy Cyber Sense Program is a comprehensive effort to address supply chain risks within the energy sector. The Energy Cyber Sense Program is increasing the cyber resilience of energy sector hardware and software through policies, standards, testing, educational awareness, and more. The Energy Cyber Sense testing and analysis program, CyTRICS, plays an important role in DOE's work to identify cybersecurity risks in the critical components of our energy supply chain before they can be exploited by malicious actors. The success of this program depends on strong, trusted partnerships between government, technology developers, manufacturers, assets owners and operators, academia, and the DOE National Laboratories.
A Cyber Collaboration to Support Energy Threat Response
CESER leads DOE’s Energy Threat Analysis Center (ETAC) pilot, a public-private partnership that convenes experts from the federal government and the U.S. energy sector, to better identify, contextualize, prioritize, and mitigate threats to our nation’s energy infrastructure. The NCS highlighted ETAC as a key component of national cyber information sharing efforts, to include CISA’s Joint Cyber Defense Collaborative, which aims to enable timely, actionable, and relevant threat and vulnerability information sharing to improve the security and resilience of critical infrastructure. As the Sector Risk Management Agency (SRMA) for the energy sector, CESER is uniquely positioned to support this coordinated effort.
Remaining Agile to Meet Evolving Threats
The NCSIP is a living document and will be updated regularly, so the ways DOE and CESER will support the NCS will continue to evolve. But our investment in this work will not. Check in regularly to learn about how we are making a secure, resilient, defensible energy system a reality to benefit all Americans.