Idaho National Lab, NIST Developing Action Plan for Securing Electric Grid

Idaho National Laboratory will seek feedback from industry on the use of cyber-informed engineering as part of its future action plan aimed at securing the energy sector from cyberattacks. The Department of Energy national lab managed by Battelle Energy Alliance is developing the action plan with the National Institute of Standards and Technology based on the DOE’s National Cyber-Informed Engineering Strategy, which stated that the industrial control systems operating critical energy infrastructure face “severe and sophisticated cyberattacks from determined adversaries.” Industry feedback is expected to help protect the electric grid and enable the creation of informed standards bodies and frameworks, FedScoop reported.

According to a recent World Economic Forum report, more than half of the attacks on the energy and utility industry worldwide focused on the software of vendor partners, including the SolarWinds hack in 2021 and the Colonial Pipeline ransomware attack resulting in fuel and energy supply shortages. WEF noted that the energy sector relies heavily on data to build a reliable and flexible energy infrastructure but the supporting technologies from third parties increase its attack surface.

Puesh Kumar, director of the DOE Office of Cybersecurity, Energy Security, and Emergency Response, said in the strategy document that implementing cyber-informed engineering would help strengthen the visibility of cyberthreats in energy systems; address supply chain risks; and build cyber and resilience capacity in the private sector and the state, local, territorial and tribal communities.

To better detect and mitigate risks, CESER is planning to establish an Energy Threat Analysis Center, which would enable threat information sharing between the industry and the government. Speaking at a recent AFCEA Bethesda event, Kumar said the office is also looking at integrating cyber intelligence into sensors and analytics.