The U.S. Department of Energy has released the congressionally directed National Cyber-Informed Engineering (CIE) Strategy to provide a framework for enhancing engineering training, tools, and practices to build resilient clean energy systems designed to withstand cyber threats. The strategy encourages the incorporation of cybersecurity technology early in the design lifecycle of engineered systems to reduce cyber risks and vulnerabilities including threats by foreign actors.
“Building a powerful and resilient grid that can withstand the full gamut of modern cyber threats begins at the design level,” said U.S. Secretary of Energy Jennifer M. Granholm. “Through this strategy, DOE is laying out a framework for ensuring the once-in-a-generation investment from the Bipartisan Infrastructure Law secures our energy sector and delivers a stronger, cleaner electric grid.”
The National CIE Strategy provides guidance on the application of cybersecurity technology across the engineering design lifecycle of grid development. It also ensures that automated systems on the grid are designed to be cybersecure and resilient. The Strategy is organized into five pillars — Awareness, Education, Development, Current Infrastructure, and Future Infrastructure — and aims to reduce or eliminate cyber vulnerabilities by engineering them out. The CIE Strategy is also focused on reducing the likelihood of disruptions to our nation’s critical energy infrastructure even if a cyber-attack is successful. The director of DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), Puesh Kumar, announced the strategy’s official release at the 2022 Cybersecurity and Technology Innovation Conference held in Portland, Oregon.
The National Defense Authorization Act for Fiscal Year 2020 directed DOE to convene a multi-stakeholder working group, comprised of senior technical leaders from across government, industry, academia, and the DOE National Laboratories, to develop a new strategy to defend our nation’s energy infrastructure from cybersecurity threats, vulnerabilities, and risks in the most critical industrial control systems. Pursuant to congressional direction, CESER created the Securing Energy Infrastructure Executive Task Force to lead the development of the National CIE Strategy as well as to identify new classes of security vulnerabilities in industrial control systems and to evaluate the technologies and standards used to secure industrial control systems.
For more information about the National Cyber-Informed Engineering Strategy, click here.