DOE calls for 2023 OT Defender Fellowship applications, bolsters energy sector cybersecurity

The U.S. Department of Energy (DOE) announced that it is accepting applications for the next cohort of its Operational Technology (OT) Defender Fellowship, which aims to expand the cybersecurity knowledge and capabilities of U.S. energy sector cyber defenders. The OT Defender Fellowship program enables OT security managers from the energy sector to build relationships with their peers. It also allows cyber experts in U.S. government departments and agencies to understand the OT threat landscape better and strengthen their capabilities to defend critical energy infrastructure.

Sponsored by the DOE and hosted by Idaho National Laboratory (INL), with support from the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, the fellowship program is a tailored and highly-selective training and education program for middle- and senior-level OT cybersecurity and operations managers from across the U.S. energy sector, including electricity, oil, natural gas, and renewable energy companies. The 2022 cohort includes energy sector asset owners and operators from nationwide organizations.

The OT Defender Fellowship program provides its fellows with an exclusive, insider view of how the government functions. The program has been designed to give middle- and senior-level OT security managers in the energy sector an opportunity to learn about the strategies used to target U.S. energy infrastructure. It also exposes fellows to the cybersecurity tools and tactics that the federal government is using to counter them.

Throughout the year, fellows will engage with the Department of Energy (DOE), Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Office of the National Cyber Director (NCD), National Security Agency, Office of the Director of National Intelligence (ODNI), Transportation Security Administration (TSA), other federal agencies and congressional experts.

The OT Defender Fellowship education program offers middle- and senior-level OT security managers in the U.S. energy sector an opportunity to understand the cyber strategies and tactics that adversarial state and non-state hackers use to target U.S. energy infrastructure. It also gives them an assessment of how the U.S. government is postured to counter these malicious activities.

Security managers serve as a utility’s first line of defense against cyber-enabled sabotage and physical security breaches, ranging from financially motivated material theft to reconnaissance to deliberate attacks in cyberspace and the physical world. As a result, their role is critical, work is challenging, and available resources are limited. 

Launched in 2020 by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) unit, the OT Defender Fellowship offers one cohort per year, with approximately 15 participants for the 2023 iteration. Participants will attend four in-person sessions, including a scenario-driven capstone exercise where the cohort will demonstrate the understanding of key federal cybersecurity policies, roles and responsibilities, public and private collaborative programs and themes, and other takeaways learned throughout the year.

The goals of the OT Defender Fellowship include serving as an information and idea exchange platform between government and energy sector experts while contributing to the bi-directional advancement of improved cybersecurity and information-sharing capabilities and processes. It also works towards familiarizing and discussing the current state of cybersecurity operations, capabilities, gaps, constraints, and areas for mutual improvement to defend the nation’s critical energy infrastructure better.

“DOE’s OT Defender Fellowship program continues arming senior cybersecurity leaders with the tools and strategies necessary to combat cyber criminals and nation-state actors targeting U.S. energy infrastructure,” Puesh Kumar, director for DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), said in a media statement. “The cybersecurity of critical infrastructure in the United States continues to be a priority for this Administration. DOE, as the sector risk management agency for the U.S. energy sector, will continue to build upon these efforts with private industry partners.”  

After the OT Defender Fellowship program, success will be measured by accomplishing the ability of OT security managers to build and enhance relationships between the energy sector and government cybersecurity managers to increase cyber defense preparedness. They must also provide awareness of the U.S. government’s energy infrastructure cyber defensive strategy and related adversarial geopolitical impacts. It also helps to develop and discuss strategies to organize, consume, and operationalize tactical information about indicators of cyberattacks on critical energy infrastructure.

Additionally, OT security managers must provide an increased understanding of adversarial cyber threats to critical infrastructure, the potential for a cyberattack to result in physical effects, and current capabilities for detection of, defense against, and recovery from these attacks. The program must also equip Fellows with strategies, actionable information, and connections to apply post-Fellowship within their areas of responsibility.

In June, the DOE released the National Cyber-Informed Engineering (CIE) Strategy, which looks at guiding the efforts of the energy sector to incorporate cybersecurity practices into the design life cycle of engineered systems to reduce cyber risk. The CIE Strategy is a shift away from the prevailing structure, where the cybersecurity for most critical infrastructure control systems is addressed separately from system design and engineering.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.