CESER debuts RMUC Program to provide cybersecurity grant, technical assistance to rural, municipal utilities

The DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) introduced Monday its Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance Program (RMUC Program), accelerating the ability of electric utilities to improve their cybersecurity posture. The agency will also host listening sessions for eligible entities and other interested parties to ensure CESER maximizes the value of the government investment.

CESER will develop the RMUC program in coordination with other government partners, leveraging the US$250 million made available in Section 40124 of the Bipartisan Infrastructure Law (BIL). The BIL is an investment in the U.S.’s infrastructure to ensure a clean energy future is resilient and secure. The program prioritizes rural, municipal, and small investor-owned utilities with limited cybersecurity resources critical to the reliability of the bulk-power system and/or that own defense critical electric infrastructure.

Apart from hosting the series of listening sessions for eligible entities and other interested parties, CESER will collect input from the listening sessions to create a comprehensive program plan that bolsters cybersecurity for eligible utilities based on the needs identified by session participants. DOE is committed to improving rural and municipal energy infrastructure that aligns with the community’s goals and insights.

The initial listening session will be held on Aug. 18, where the RMUC Program will initiate conversations on critical priorities. Additional listening sessions will focus on issues and opportunities to advance the cybersecurity posture of rural and municipal electric utilities. CESER’s RMUC Program listening sessions are free to attend, though they remain closed to the press. 

The BIL provides $27 billion to upgrade and modernize the electrical grid to make it more resilient to extreme weather and cyber-attacks while helping CESER advance its energy security mission through various measures. It includes a resilience grant program to harden electric infrastructure and investments in enhanced grid security, including cybersecurity R&D, technical assistance, and threat assessments.

The DOE also seeks to establish a program to test the cybersecurity of products and technologies in the energy sector. The program will build upon CESER’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS) program. It will also support the Federal Energy Regulatory Commission’s (FERC) exploration of options to incentivize investment in cybersecurity technologies and threat information sharing. 

The agency will offer new and continued efforts to strengthen the security of U.S. energy sector hardware and software, bolster the cybersecurity workforce, advance modeling capabilities, and improve cyber threat detection, response, and resilience capabilities. Additionally, a DOE-wide cybersecurity plan requires all award or funding recipients to demonstrate the cybersecurity maturity of the project or solution while establishing a plan to maintain and improve the cybersecurity throughout the life of the project or solution.

In June, the DOE’s Securing Energy Infrastructure Executive Task Force (SEI ETF) has, over the last two years, developed a body of work that is advancing the state of the practice for industrial control systems (ICS) cybersecurity. Now, portions of this jointly-developed technical work are being adopted and expanded by the Industrial Society of Automation (ISA) and the MITRE’s Common Weakness Enumeration (CWE) framework.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.