The U.S. Department of Energy (DOE) has announced $45 million to create, accelerate, and test technology that will protect the electric grid from cyber attacks.
Cyber threats to American energy systems can shut down critical energy infrastructure and disrupt energy supply, the economy, and the health of American consumers. Cybersecurity remains a priority as clean energy technologies deployed on the grid become highly automated.
Earlier this year, Supervisory Special Agent Ted P. Delacourt, a federal civilian working in the Mission Critical Engagement Unit of the Cyber Division at the Federal Bureau of Investigation, wrote that a cyber attack on one critical infrastructure sector may initiate a failure in another or cascade to the entire interconnected critical infrastructure network.
“The ubiquitous nature of these critical infrastructure sectors and the distribution of their physical and networked assets across a wide geographical area, often spanning the entire country, make them attractive targets,” Delacourt wrote for HSToday. “State, non-state, and criminal actors continually seek victims of opportunity across all critical infrastructure sectors for monetary and strategic gain.”
Delacourt warned that cyber attacks on critical infrastructure will continue to grow in number and frequency and continue to escalate in severity.
Combined with the additional grid upgrades funded in the Bipartisan Infrastructure Law and the Inflation Reduction Act, the latest DOE announcement means the United States will have an opportunity to build greater cyber defenses into its energy sector. The $45 million funding announced on August 17 will support up to 15 research, development, and demonstration (RD&D) projects that will focus on developing new cybersecurity tools and technologies designed to reduce cyber risks for energy delivery infrastructure. Building strong and secure energy infrastructure across the country is a key component of reaching President Biden’s goal of a net-zero carbon economy by 2050.
“As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient, and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” said U.S. Secretary of Energy Jennifer M. Granholm. “DOE will use this investment to continue delivering on the Biden Administration’s commitment to making energy cheaper, cleaner, and more reliable.”
DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will fund up to 15 research projects that will establish or strengthen existing research partnerships with energy sector utilities, vendors, universities, national laboratories, and service providers working toward resilient energy delivery systems. The effort will lead to the creation of next-generation tools and technologies designed to reduce cyber incident disruption to energy delivery. Researchers will aim to develop tools and technologies that enable energy systems to autonomously recognize a cyber attack, attempt to prevent it, and automatically isolate and eradicate it with no disruption to energy delivery.
There are six proposed topic areas for the projects, which include:
- Automated Cyber Attack Prevention and Mitigation: This topic area will focus on tools and technologies that enable energy systems to autonomously recognize and prevent cyber attacks from disrupting energy.
- Security and Resiliency by Design: This topic area will focus on tools and technologies that build cybersecurity and resilience features into technologies through a cybersecurity-by-design approach.
- Authentication Mechanisms for Energy Delivery Systems: This topic area will focus on tools and technologies that strengthen energy sector authentication.
- Automated Methods to Discover and Mitigate Vulnerabilities: This topic area will focus on tools and technologies that address vulnerabilities in energy delivery control system applications.
- Cybersecurity through Advanced Software Solutions: This topic area will focus on developing software tools and technologies that can be tested in a holistic testing environment that includes a development feedback cycle.
- Integration of New Concepts and Technologies with Existing Infrastructure: This topic area will require applicants to partner with energy asset owners and operators to validate and demonstrate cutting-edge cybersecurity technology that can be retrofitted into existing infrastructure.