The U.S. Department of Energy (DOE) on April 20 launched an initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain.
The plan is a coordinated effort between DOE, the electricity industry and the Cybersecurity and Infrastructure Security Agency (CISA).
Over the next 100 days, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), in partnership with electric utilities, will continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities, DOE said in a news release.
DOE said the initiative modernizes cybersecurity defenses and:
- Encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities;
- Includes concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real time situational awareness and response capabilities in critical ICS and operational technology (OT) networks;
- Reinforces and enhances the cybersecurity posture of critical infrastructure information technology networks; and
- Includes a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems.
RFI
In addition, DOE released a request for information (RFI) to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to inform future recommendations for supply chain security in U.S. energy systems.
The comments received in response to the RFI will enable DOE “to evaluate new executive actions to further secure the nation’s critical infrastructure against malicious cyber activity and strengthen the domestic manufacturing base,” it said.
Accordingly, DOE expects that, during the period of time in which further recommendations are being developed, “utilities will continue to act in a way that minimizes the risk of installing electric equipment and programmable components that are subject to foreign adversaries’ ownership, control, or influence.”
The RFI is available on the DOE Office of Electricity’s web page, www.energy.gov/oe/securing-critical-electric-infrastructure.
“Ensuring the cyber and physical security of our nation’s electric grid is a top priority for APPA and its industry and government partners. As threats to our electric system continue to evolve, we are encouraged to see the Administration take action to engage industry in an effort to continuously improve our collective posture,” the American Public Power Association (APPA) said.
“We see this action as complementary to the existing partnership between APPA and DOE-CESER to help smaller public power utilities improve their security by implementing hardware, firmware and software to detect and respond to adversarial activity through information sharing; provide advanced analytics for pinpointing when and where a system was compromised; and employ autonomous defense at remote endpoints,” APPA said.