This audio is automatically generated. Please let us know if you have any feedback.
The Department of Energy is optimistic it will succeed with its new framework for building resilient clean energy systems that can withstand malicious cyberattacks.
The DOE last week unveiled the National Cyber-Informed Engineering Strategy, a bipartisan plan to strengthen the energy sector’s resilience to a cyberattack. According to DOE officials, the plan calls for building more cyber resilience into the manufacturing, development and deployment of computer systems used by energy utilities.
“The focus of the CIE strategy is to implement cybersecurity knowledge and strategies in the earliest possible stages of the energy system life cycle,” said Puesh Kumar, director of the DOE Office of Cybersecurity, Energy Security and Emergency Response.
The DOE’s efforts come at a critical time for the energy sector, which is a high-profile critical infrastructure target. Last year’s ransomware attack on the Colonial Pipeline has also made efforts to combat threats to critical infrastructure more urgent.
That incident disrupted gasoline supplies in the Southeast and Eastern US for nearly a week in May 2021, causing gasoline prices to skyrocket and gas stations to be temporarily closed as panicked consumers scramble to secure dwindling fuel supplies.
“The Colonial Pipeline incident was a stark reminder of the need to protect the country’s critical infrastructure against serious and growing threats such as ransomware,” Kumar said via email.
Russia’s invasion of Ukraine put renewed pressure on the energy grid as US and NATO member countries announced sanctions against Russian gas and fuel suppliers. Allied countries had to switch to alternative energy sources.
The energy sector in several European Union countries was successfully attacked by cyber attackers after the invasion of Ukraine. Threat actors targeted oil trading facilities in Amsterdam-Rotterdam-Antwerp and also took thousands of wind turbines belong to Germany’s Enercon. US officials have repeatedly warned of threats against US energy companies related to the Russian invasion and US sanctions.
But cyber threats to the US energy sector date back more than a decade. In March the Ministry of Justice unsealed charges against four Russian government employees for hacking campaigns against global energy targets between 2012 and 2018.
To protect against these heightened threats, the CIE strategy aims to integrate cybersecurity mechanisms early into system electronics designed to withstand a sophisticated attack, according to Manny Cancel, senior vice president of North American Electric Reliability Corp. and President of the Electricity Information Sharing and Analysis Center.
In addition, there are plans to teach better cyber resilience at an academic level so that educators will help develop workers with the skills needed to become cyber aware.
Ben Miller, vice president, professional services and R&D at Dragos, said assigning a risk value to the power grid is difficult.
“What we do know is that technology is increasingly connected and threat groups are growing in number, but so are [in] Sophistication around critical infrastructure [systems] like industrial control systems,” Miller said via email.
A group of 18 organizations linked to the oil and gas industry pledged to take collective action on cyber resilience during the World Economic Forum in May. The group included some of the world’s leading energy companies, including Aramco, Suncor and Occidental Petroleum.
“Energy security is national security,” said Megan Samford, vice president and chief product security officer for power management at Schneider Electric, via email. “Cyber Informed Engineering is about building security directly into products and systems, with a focus on the most critical ones.”