DOE develops cybersecurity strategy

The National Renewable Energy Laboratory (NREL), in collaboration with UL, will develop a set o consensus standards for DER/IBR cybersecurity. (Courtesy: NREL)

The U.S. Department. The U.S. Dept. of Energy has created a national strategy for improving engineering tools, training, and practices to create resilient clean energy systems that can withstand cyber attacks. 

Congress has directed the National Cyber-Informed Engineering Strategy (CIE), which encourages cybersecurity technology to be included early in the design of engineered systems. This is to reduce cyber risks and vulnerabilities, including foreign actor threats, through the use of engineering technology.

The strategy is organized into five pillars — Awareness, Education, Development, Current Infrastructure, and Future Infrastructure — and aims to reduce or eliminate cyber vulnerabilities by engineering them out.

“Building a powerful and resilient grid that can withstand the full gamut of modern cyber threats begins at the design level,” said U.S. Secretary of Energy Jennifer M. Granholm. “Through this strategy, DOE is laying out a framework for ensuring the once-in-a-generation investment from the Bipartisan Infrastructure Law secures our energy sector and delivers a stronger, cleaner electric grid.” 

Subscribe TodayThe all-new Factor This! Renewable Energy World podcast. This podcast is geared specifically towards the solar industry. Whenever you get your podcasts.

Listen to the latest episode of the U.S. Solar Supply Chain Building Out, featuring interviews by Rhone Resch and Martin Pochtaruk as well as Michael Parr.

In 2019, Section 5726 (National Defense Authorization Act for Fiscal year 2020) was enacted and directed the Secretary of Energy, to create a government-industry group to accomplish a number of tasks, including the development of a national cyber-informed engineering plan to protect energy infrastructure from security vulnerabilities or exploits in the most critical system.

The National CIE Strategy offers guidance on cybersecurity technology application throughout the engineering design lifecycle for grid development. It ensures that grid-connected automated systems are cybersecured and resilient. 

CIE is a method that integrates cybersecurity considerations into the design, development, operation, and maintenance of any physical system that has digital monitoring, control, connectivity, or monitoring.

The DOE report provided a number of strategic recommendations for each pillar.

1. Use the DOE National Laboratories, academia and government partners to expand the CIE’s applicability.

2. CIE Center of Excellence: Create and leverage it to help CIE mature.

3. Maintain an open-source library with CIE tools, case studies and lessons to support designers, manufacturers, asset owners, and operators in applying CIE principles.

Next, DOE said it’s incumbent upon stakeholders to form an implementation strategy for the cybersecurity framework.