DOE Announces Cybersecurity Programs for Enhancing Safety and Resilience of U.S. Energy Sector

CESER Adding Three New Research Programs to Develop New Safeguards Against Physical and Cyber Threats

WASHINGTON, D.C. – The Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) today announced three new research programs to safeguard the U.S. energy system from growing cyber and physical hazards. CESER’s new portfolio will ramp up protections by addressing potential global supply chain security vulnerabilities, protecting critical infrastructure from electromagnetic and geomagnetic interference, and building a research and talent pipeline for next-generation cybersecurity.  

“Our energy system faces unprecedented threat levels from hackers, foreign actors, and natural catastrophes supercharged by climate change—which is why enhancing security is a priority for this administration,” said Secretary of Energy Jennifer M. Granholm. “What’s more, President Biden’s clean energy goals all depend on resilient electrical infrastructure. These new programs will help put us a step ahead of all manner of threats so we can provide safe, reliable power to American households.”

"Foreign adversaries are taking new and aggressive tactics to compromise our critical infrastructure, including our electric grid. We must increase our efforts to ensure our energy sector is prepared to mitigate any threat that poses a risk to Americans’ connectivity and access to power,” said Congressman Frank Pallone, Jr., Chairman of the House Energy and Commerce Committee. “I’m pleased to see the Biden Administration taking this issue so seriously and look forward to working closely with them to improve our energy cybersecurity and resiliency.”

The nation’s critical energy infrastructure faces a steady stream of evolving threats—from foreign cyber-attacks, to changing climate and natural hazards such as wildfires and hurricanes—that could have devastating effects on national security, public health and safety, and the U.S. economy. Through CESER, DOE assists the efforts of the electricity, oil, and natural gas industries to secure energy infrastructure against such threats. To support that mission, CESER’s new programs will:

• Secure against vulnerabilities in globally-sourced technologies: Just as modern consumer electronics are the product of engineers, suppliers, and factories from all over the world, so too is much of the hardware and software deployed in our energy sector. But the complex global supply chains the U.S. relies on in producing this technology creates openings for security vulnerabilities. CESER is joining with Schweitzer Engineering Laboratories in the Cyber Testing for Resilient Industrial Control System (CyTRICS™) program, to use state-of-the-art analytics to test the various digital tools used by energy sector partners for security issues. This testing will make it easier to identify and address potential vulnerabilities within industrial control systems before bad actors can exploit them.  
• Develop solutions to electromagnetic and geomagnetic interference: Energy sector players recognize they must anticipate risks posed by electromagnetic pulse (EMP)  attacks and less likely, but equally devastating geomagnetic disturbance (GMD) events—both of which could overload and damage energy systems. DOE is now collaborating with various utilities and labs on efforts to test, model, and assess systemic vulnerabilities to electromagnetic and geomagnetic interference. Nine pilot projects are already underway as part of DOE’s Lab Call for EMP/GMD Assessments, Testing, and Mitigation. This research will inform development of methods for protecting and mitigating impacts on energy infrastructure.  
• Cultivate research on cybersecurity solutions and new talent needed to deploy: Through CESER’s Cybersecurity for Energy Delivery Systems (CEDS) division, DOE is tapping into the innovative capacity of American universities to develop new cybersecurity technologies and train the next generation of cybersecurity experts employed by the energy sector. Next month, CESER will announce a new funding opportunity to support university-industry partnerships around cyber and physical solutions.

“Securing U.S. critical infrastructure, particularly in the energy sector, is one our most

important and complex national security challenges,” said CESER Acting Assistant Secretary Patricia Hoffman. “Our vision with these programs is to bring together key partners—from industry to the states to universities—with the expertise and inventiveness needed to enhance energy sector resilience.”

Securing Our Energy System

These programs are just the latest energy security contributions since CESER’s establishment in 2018. Over the last year, CESER assisted the States, energy operators, and utilities in managing the impacts of COVID-19 and a record-breaking hurricane season. CESER has also facilitated stronger cybersecurity coordination between government and industry through the Energy Sector Pathfinder and trained hundreds of energy sector officials in cybersecurity and natural disaster response. For more information, visit CESER’s webpage.

###