The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has launched three research programs, as it works towards strengthening its efforts to protect the U.S. energy system from growing physical and cybersecurity threats.
The new measures will address potential global supply chain security vulnerabilities, securing critical infrastructure from electromagnetic and geomagnetic interference, and building a research and talent pipeline for next-generation cybersecurity, according to a DOE statement. Through CESER, DOE assists the efforts of the electricity, oil, and natural gas industries to secure energy infrastructure against threats.
Threats from foreign cyberattacks, and climate and natural hazards such as wildfires and hurricanes on critical infrastructure could have devastating effects on national security, public health and safety, and the U.S. economy, DOE said.
CESER is joining, for example, with Schweitzer Engineering Laboratories in the Cyber Testing for Resilient Industrial Control System (CyTRICS) program, to deploy analytics to test the various digital tools used by energy sector partners for security issues. This testing will make it easier to identify and address potential vulnerabilities within industrial control systems before bad actors can exploit them.
CyTRICS partners with various stakeholders to identify high-priority operational technology (OT) components, perform expert testing, share information about vulnerabilities in the digital supply chain, and inform improvements in component design and manufacturing.
Through CESER’s Cybersecurity for Energy Delivery Systems (CEDS) division, DOE is tapping into the innovative capacity of U.S. universities to develop new cybersecurity technologies and train the next generation of cybersecurity experts employed by the energy sector. Next month, CESER will announce a new funding opportunity to support university-industry partnerships around cyber and physical solutions.
“Securing U.S. critical infrastructure, particularly in the energy sector, is one of our most important and complex national security challenges,” said Patricia Hoffman, CESER’s acting assistant secretary. “Our vision with these programs is to bring together key partners—from industry to the states to universities—with the expertise and inventiveness needed to enhance energy sector resilience.”
The World Economic Forum (WEF) also identified that cyberattacks on critical infrastructure are a top concern in its Global Risks Report, as such incidents are increasingly becoming commonplace across industries including energy, healthcare and transportation.
Global connectivity, the rise of connected Internet of Things (IoT) devices, and the advent of smart cities further increases the global threat surface, and creates new opportunities for attackers, according to the WEF. Threat actors, including nation states, terrorists and organized crime, have become more sophisticated, and see critical infrastructure as a priority target, it added.
While some assessments of the U.S. energy sector’s safeguards against cybersecurity threats in the OT and IT space often strike a gloomy note, especially in the wake of the SolarWinds attack, analysts from Siemens Energy and CyberSaint at a webinar last week, delivered an optimistic note. The analysts said at the event that U.S. energy companies and the federal government were both working actively and collaboratively to strengthen cybersecurity defenses and share information.
The DOE rolled out last December a pilot program that aims to expedite the identification of and sharing of information on cyberthreats affecting OT systems in the energy industry.