The U.S. Department of Energy (DOE) has announced the release of National Security Memorandum 22 (NSM-22) on Critical Infrastructure Security and Resilience, which will strengthen the role of Sector Risk Management Agencies (SRMAs), including DOE, to lead risk management in partnership with energy asset owners and operators, state, local, Tribal, and territorial (SLTT) partners, international partners, manufacturers, academia, and others.
The NSM will help ensure U.S. critical infrastructure provides the nation a strong and innovative economy, protect American families, enhance collective resilience to disasters and strengthens the nation for generations. The NSM seeks to protect infrastructure as well as the prosperity and security of the nation.
Through the President’s Investing in America agenda, the Biden-Harris Administration has announced $448 billion in Bipartisan Infrastructure Law funding, including over 51,000 infrastructure projects, and encouraged $825 billion in private sector investment in industries including clean power, biomanufacturing, and clean energy manufacturing.
DOE will continue to be a federal lead for policy, preparedness, risk analysis, technical assistance, research and development, operational collaboration, and emergency response activities for the U.S. energy sector. Within DOE, the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will execute day-to-day SRMA responsibilities.
CESER’s continued partnership with the Electricity Subsector Coordinating Council (ESCC), Oil and Natural Gas Coordinating Council (ONG SCC), state energy and emergency officials, and others in the energy sector will play a crucial role for the initiative.
The NSM encourages the establishment of minimum requirements and accountability mechanisms for the security and resilience of critical infrastructure.
DOE will work with energy sector stakeholders and regulators to study existing resilience, security, and reliability requirements and identify gaps that could benefit from new requirements to progress with the growing climate, cyber, and physical risks associated with the sector.
The memorandum also prioritizes operational collaboration models with private sector partners to reduce risk to critical infrastructure, which DOE has studied through various efforts, including the Energy Threat Analysis Center (ETAC) pilot.