Bottom Line Up Front: The Department of Energy (DOE) will implement new cybersecurity programs to enhance energy sector resilience. DOE’s announcement coincides with the Senate Energy and Natural Resources Committee’s support for the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Expect to see resilience to cyber attacks in future government procurement activities.

On March 18, 2021, CESER announced several new research programs designed to enhance the safety and resilience of the U.S. energy sector. The Trump administration established CESER to protect critical energy infrastructure by assisting oil, natural gas, and electricity industries secure their infrastructure. Currently, energy infrastructure faces threats not only from climate and natural hazards, but also evolving and increasing physical and cyber threats.

CESER aims to broaden its protections for energy infrastructure with new programs focusing on: (1) global supply chain security, (2) electromagnetic and geomagnetic interference, and (3) the next generation of cybersecurity.

  1. To secure against vulnerabilities in globally-sourced technologies deployed in the U.S. energy sector, CESER is joining forces with the Schweitzer Engineering Laboratories in the Cyber Testing for Resilient Industrial Control System program. By testing various hardware and software used in the energy sector, CESER will be able to identify and address potential security vulnerabilities within industrial control systems.
  2. Electromagnetic pulse attacks and geomagnetic disturbance events have the potential to overload and damage energy systems. By researching and assessing systemic vulnerabilities to these types of events, CESER will be better able to develop methods for protecting against and mitigating the impacts of electromagnetic and geomagnetic interference on energy infrastructure.
  3. When looking forward toward the next generation of cybersecurity, CESER will aid in the training of future cybersecurity experts and support the research and development of new cybersecurity technologies. Next month, CESER plans to announce a new funding opportunity to support partnerships with universities, with the goal of fostering new and innovative security solutions.

DOE acknowledges that securing critical energy infrastructure remains vital to U.S. national interests, and CESER’s programs will be at the forefront of DOE’s efforts to improve the resiliency and reliability of the energy sector.  Fortunately, this appears to be an area where the White House and the Senate agree.

A March 25, 2021 letter from the bipartisan leaders of the Senate’s Energy and Natural Resources Committee to Energy Secretary Jennifer Granholm urges prioritizing cybersecurity at DOE and maintaining CESER’s leadership role in the face of persistent threats to the power grid. The Committee’s letter cites a Government Accountability Office report, warning that the nation’s electrical grid is “increasingly at risk from cyberattacks,” recommending that DOE include cybersecurity as a priority effort in its plans to protect these systems.

What does this mean for stakeholders in the energy sector?

The most likely scenario involves a combination of additional resources and increased expectations for resilient systems, at least for those systems purchased or used by the Federal government:

  • 2021 National Defense Authorization Act (NDAA) appropriated $37.5 million dollars and 82 full-time equivalent personnel for Homeland Security’s Stakeholder Engagement and Requirements program.
  • NDAA amends the Homeland Security Act of 2002, authorizing the Department of Homeland Security (DHS) to appoint a Cybersecurity State Coordinator in each of the fifty states who is responsible for building strategic public and voluntary private sector relationships to facilitate the development and maintenance of secure and resilient infrastructure.
  • NDAA also requires new military construction contracts include an evaluation of the life-cycle designed cost and the energy security and energy resilience capabilities of facilities built under new contracts.

Congress’s intent with the DHS appropriation to provide assistance to critical infrastructure appears to be supported by the White House:

  • In February 2021, the General Services Administration confirmed it would continue to incorporate cybersecurity requirements historically used in military procurement contracts into government-wide acquisition contracts (GWACs), incrementally raising the bar for civilian agencies’ procurement requirements.
  • On April 1, 2021 Deputy National Security Advisor Anne Neuberger said in an interview with the Associated Press that the government committed to assisting electric utilities, water districts and other critical industries to protect themselves against cyberattacks.
  • On April 6, 2021, DOE announced it had earmarked $8 million to fund development of cyber-physical concepts for ensuring the resiliency and security of electric grid infrastructure.
    • Funding opportunity includes sponsored collaboration with universities to install, operate and maintain energy infrastructure that remains able to perform essential functions after a cyber-attack.
Print:
EmailTweetLikeLinkedIn
Photo of Erik Dullea Erik Dullea

A member of Husch Blackwell’s Technology, Manufacturing & Transportation team, Erik focuses on administrative/regulatory law, with an emphasis on heavily regulated industries and government contractors. He represents mine operators in MSHA enforcement actions, energy and industrial companies in OSHA enforcement actions, and advises…

A member of Husch Blackwell’s Technology, Manufacturing & Transportation team, Erik focuses on administrative/regulatory law, with an emphasis on heavily regulated industries and government contractors. He represents mine operators in MSHA enforcement actions, energy and industrial companies in OSHA enforcement actions, and advises airlines and their pilots challenging FAA and DOT enforcement actions. Erik advises government contractors on transactional matters, bid protests and civil litigation. He holds an active security clearance and has 20 years of experience in the aviation industry as both a Navy pilot and a commercial pilot. Erik is a co-chair of Husch Blackwell’s Unmanned Aircraft Systems practice group.

Photo of James Hoecker James Hoecker

A nationally recognized energy advisor, Jim primarily concentrates his practice on emerging markets in the wholesale electric and natural gas areas. Inside and outside government, Jim has focused his representations on electric utilities, utility investors, transmission companies, and gas and oil pipelines on

A nationally recognized energy advisor, Jim primarily concentrates his practice on emerging markets in the wholesale electric and natural gas areas. Inside and outside government, Jim has focused his representations on electric utilities, utility investors, transmission companies, and gas and oil pipelines on issues of infrastructure development and rate regulation, demand response and environmental law.

Photo of Megan Sword Megan Sword

Megan is passionate about applying her technical knowledge in computer programming and software development to help clients protect their ideas, inventions and intellectual property. Megan regularly assists clients with patents, trademarks, copyrights and trade secrets. She guides individuals and companies at all phases…

Megan is passionate about applying her technical knowledge in computer programming and software development to help clients protect their ideas, inventions and intellectual property. Megan regularly assists clients with patents, trademarks, copyrights and trade secrets. She guides individuals and companies at all phases of maturity: from student entrepreneurs to global corporations.