Cyber threat mitigation
strategy
DOE Publishes Strategy for Building Power Systems Able to Withstand Cyberattacks
The Department of Energy announced the publication of a congressionally-directed strategy to provide a framework for enhancing engineering training, tools and practices to build resilient clean energy systems designed to withstand cyber threats. Called the National Cyber-Informed Engineering Strategy, the document provides guidance on the application of cybersecurity technology across the engineering design lifecycle of grid development, the DOE said Thursday.
In a statement, the energy department said the CIE strategy encourages the incorporation of cybersecurity technology early in the design lifecycle of engineered systems in the power sector to reduce cyber vulnerabilities that may be exploited by domestic and foreign adversaries. The strategy also proposes techniques to mitigate disruptions to the United States’ critical energy infrastructure even if a cyber-attack is successful.
Energy Sec. Jennifer Granholm said that through the CIE strategy, the DOE is laying out a framework to ensure that the “once-in-a-generation investment from the Bipartisan Infrastructure Law secures the energy sector and delivers a stronger, cleaner electric grid.” She emphasized that building a truly cyber-resilient power grid begins at the design phase.
For his part, Puesh Kumar, director of the Office of Cybersecurity, Energy Security and Emergency Response, said the CIE strategy is organized into five pillars – awareness, education, development, current infrastructure and future infrastructure – and aims to reduce or eliminate cyber vulnerabilities by engineering them out.
The document’s executive summary says the industrial control systems that operate critical energy infrastructure face increasingly severe and sophisticated cyber attacks from determined adversaries. It was stressed that in order to avoid disruptions to the nation’s critical energy functions, energy systems must be engineered to withstand intentional cyber compromise, exploitation and misuse.
Category: Cybersecurity