The US Department of Energy (DOE) has launched an initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain, as part of the Biden Administration's effort to safeguard U.S. critical infrastructure from persistent and sophisticated threats
This 100-day plan is a coordinated effort between DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA), and is expected to cover swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to US national and economic security.
“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” said Secretary of Energy Jennifer M. Granholm. “It’s up to both government and industry to prevent possible harms – that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”
“The safety and security of the American people depend on the resilience of our nation's critical infrastructure. This partnership with the Department of Energy to protect the U.S. electric system will prove a valuable pilot as we continue our work to secure industrial control systems across all sectors,” said CISA Director (Acting) Brandon Wales.
Over the next 100 days, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) – in partnership with electric utilities – will continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.
The initiative modernizes cybersecurity defenses and encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities. It also includes concrete milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real time situational awareness and response capabilities in critical industrial control system (ICS) and operational technology (OT) networks; reinforces and enhances the cybersecurity posture of critical infrastructure information technology (IT) networks; and includes a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems.