The Office of the National Cyber Director’s (ONCD) newly minted plan to defend against cyber threats across the energy sector is charging the Energy Department to take the lead in executing 32 key initiatives.
The White House’s Energy Modernization Cybersecurity Implementation Plan (EMCIP), released on Dec. 20, focuses on cybersecurity lapses in the energy sector, and details efforts to address five high impact technologies including batteries, distributed control systems, and electric vehicles.
“The electric grid is undergoing a significant, rapid transformation which is redefining how the electric system needs to be designed, built, and operated,” said ONCD. “New internet-connected technologies enhance the efficiency, safety, and resiliency of the grid. This convergence offers a variety of benefits … But it also comes with risks that must be mitigated to realize a truly 21st Century vision of our power infrastructure.”
In addition to focusing on linchpin technologies, ONCD plan also covers several cross-sector issues. The first of those – improving collaboration between government and energy sector partners – is critical to successfully shoring up energy infrastructure against cyber threats.
Under this initiative, the Energy Department will expand its Energy Threat Analysis Center (ETAC) over the next two years to improve coordination. The ETAC is a public-private partnership with aims to improve awareness and response to cyber threats targeting critical energy infrastructure.
The ETAC’s expansion will include non-traditional energy spaces and focus on integrating research and development, cyber operations, and threat intelligence – such as third-party owners and operators of modern energy technologies – not currently incorporated in traditional institutions.
“The United States Government will only succeed in implementing this Plan through close collaboration with the private sector; civil society; state, local, Tribal, and territorial (SLTT) governments; international partners; and Congress,” said ONCD. “Federal agencies will collaborate with interested stakeholders to implement the Plan and build new partnerships where possible.”
Cross-agency initiatives will focus on intelligence sharing between the Intelligence Community (IC) and energy industry groups, standardized frameworks, secure design principles, workforce development, and managing cybersecurity risks in current and emerging energy technologies and supply chains.
Five key cyber-enabled technologies that the EMCIP addresses includes battery supply chains and management systems, inverter controls and power converters, distributed control systems, energy management systems, and electric vehicles (EVs) and electric vehicle supply equipment (EVSE).
To improve battery supply chains, the Energy Department will be tasked with advancing Battery Energy Storage Systems (BESS) cybersecurity by fostering strategic unity through an interagency strategic plan and enhancing operational collaboration by integrating BESS into cybersecurity exercise programs. It will also boost inverter cybersecurity via collaboration, interconnection planning, and proactive standards adoption, according to the EMCIP.
The Energy Department will also harmonize integration and cybersecurity for distributed control systems, including developing standards for DERs and testing procedures for data requirements. It will oversee advancing cybersecurity for Building Energy Management Systems (BEMS), EVs and EVSE by promoting technical standards, fostering international adoption, enhancing workforce development, and supporting secure procurement and risk assessments.
Additional agencies tasked with carrying out various initiatives include the Cybersecurity and Infrastructure Security Agency, Joint Office of Energy and Transportation, National Science Foundation, Office of the Director of National Intelligence, Department of Commerce, General Services Administration, Department of Transportation, National Institute of Standards and Technology, Environmental Protection Agency, and the Department of Defense.
Most of the plan’s initiatives – 21 in total – are set to be completed by fiscal year (FY) 2026, with 10 scheduled for completion by FY25 and two by FY27.
