The Department of Energy (DoE) will soon operationalize its public-private pilot program which aims to secure critical energy infrastructure against threats as it also looks forward to improving security through work within industry sectors, a top DoE security official said on Sept. 17.
Puesh Kumar, director of DoE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), said during a Nextgov/FCW event that the Energy Threat Analysis Center (ETAC) pilot is “about to fully operationalize.”
Directed by the Infrastructure Investment and Jobs Act of 2021 to develop and implement a program providing operational support for energy sector cyber resilience, DoE first began the pilot phase of ETAC in April 2023. The pilot encourages collaboration and conversation between industry and government to increase visibility of threats within industry systems.
“We want to correlate them across the sector to really understand at a national level, what are we seeing, what kind of activity are we seeing – by a Chinese threat actor, or a Russian threat actor, or even a criminal actor,” said Kumar. “We can actually get better visibility across the board, but also get mitigation measures out the door as well, in partnership with the industry.”
Kumar pointed out that most of the critical energy infrastructure in the U.S. is owned and operated by the private sector and that the Federal government doesn’t have the ability to provide security and resilience designs for each of the thousands of providers. Instead, he said that DoE is asking providers to take on a “fundamental level of security” on their own.
To help with the agency’s limited capacity to assist, DoE is working to create testing within the private sector.
“We can’t test it all, so we do have to focus on high priority testing – but one of the goals that we have is to really start to create an industry in the private sector to do its own testing,” said Kumar. “We’re now seeing the shift where we’re seeing OT vulnerability testing companies that are coming up, which is really great, and that’s what we want to push, is to really get more of that private sector work being done.”
Other changes the energy sector can expect include increased security requirements as the power grid shifts from centralized to decentralized energy generation. With more energy sources connecting at the distribution center, Kumar said that the increased connectivity is raising cybersecurity risks.
He said that to address this problem, DoE has been speaking and working with major tech companies to develop secure designs for cloud-based energy grids.
