The Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) recently announced three new research programs to safeguard the U.S. energy system from growing cyber and physical hazards.
The CESER's new portfolio will ramp up protections by addressing potential global supply chain security vulnerabilities, protecting critical infrastructure from electromagnetic and geomagnetic interference, and building a research and talent pipeline for next-generation cybersecurity.
"Our energy system faces unprecedented threat levels from hackers, foreign actors, and natural catastrophes supercharged by climate change — which is why enhancing security is a priority for this administration," said Secretary of Energy Jennifer M. Granholm. "What's more, President Biden's clean energy goals all depend on resilient electrical infrastructure. These new programs will help put us a step ahead of all manner of threats so we can provide safe, reliable power to American households."
The nation's critical energy infrastructure faces a steady stream of evolving threats — from foreign cyberattacks to changing climate and natural hazards such as wildfires and hurricanes — that could have devastating effects on national security, public health and safety, and the U.S. economy. Through the CESER, the DOE assists the efforts of the electricity, oil, and natural gas industries to secure energy infrastructure against such threats.
To support that mission, the CESER's new programs will:
- Secure against vulnerabilities in globally-sourced technologies: Just as modern consumer electronics are the product of engineers, suppliers, and factories from all over the world, so too is much of the hardware and software deployed in the nation's energy sector. But the complex global supply chains the United States relies on in producing this technology creates openings for security vulnerabilities. The CESER is joining with Schweitzer Engineering Laboratories in the Cyber Testing for Resilient Industrial Control System (CyTRICS) program to use state-of-the-art analytics to test the various digital tools used by energy sector partners for security issues. This testing will make it easier to identify and address potential vulnerabilities within industrial control systems before bad actors can exploit them.
- Develop solutions to electromagnetic and geomagnetic interference: Energy sector players recognize they must anticipate risks posed by electromagnetic pulse (EMP) attacks and more likely, but typically less devastating, geomagnetic disturbance (GMD) events — both of which could overload and damage energy systems. The DOE is now collaborating with various utilities and labs on efforts to test, model, and assess systemic vulnerabilities to electromagnetic and geomagnetic interference. Nine pilot projects are already underway as part of the DOE's Lab Call for EMP/GMD Assessments, Testing, and Mitigation. This research will inform development of methods for protecting and mitigating impacts on energy infrastructure.
- Cultivate research on cybersecurity solutions and new talent needed to deploy: Through the CESER's Cybersecurity for Energy Delivery Systems (CEDS) division, the DOE is tapping into the capacity of American universities to develop new cybersecurity technologies and train the next generation of cybersecurity experts employed by the energy sector. Next month, the CESER will announce a new funding opportunity to support university-industry partnerships around cyber and physical solutions.
"Securing U.S. critical infrastructure, particularly in the energy sector, is one our most important and complex national security challenges," said Patricia Hoffman, CESER acting assistant secretary. "Our vision with these programs is to bring together key partners — from industry to the states to the universities — with the expertise and inventiveness needed to enhance energy sector resilience."
