The U.S. Dept. of Energy has developed a national strategy for enhancing engineering training, tools, and practices to build resilient clean energy systems designed to withstand cyber threats.
The National Cyber-Informed Engineering (CIE) Strategy, directed by Congress, encourages the incorporation of cybersecurity technology early in the design lifecycle of engineered systems to reduce cyber risks and vulnerabilities including threats by foreign actors.
The strategy is organized into five pillars — Awareness, Education, Development, Current Infrastructure, and Future Infrastructure — and aims to reduce or eliminate cyber vulnerabilities by engineering them out.
“Building a powerful and resilient grid that can withstand the full gamut of modern cyber threats begins at the design level,” said U.S. Secretary of Energy Jennifer M. Granholm. “Through this strategy, DOE is laying out a framework for ensuring the once-in-a-generation investment from the Bipartisan Infrastructure Law secures our energy sector and delivers a stronger, cleaner electric grid.”
Subscribe today to the all-new Factor This! podcast from Renewable Energy World. This podcast is designed specifically for the solar industry and is available wherever you get your podcasts.
Listen to the most recent episode on building out the U.S. solar supply chain, featuring interviews with Rhone Resch, Martin Pochtaruk, and Michael Parr.
Enacted into law in 2019, Section 5726 of the National Defense Authorization Act for Fiscal Year 2020 directed the Secretary of Energy to establish a government-industry working group to accomplish a series of tasks, including developing a national cyber-informed engineering strategy to isolate and defend energy infrastructure from security vulnerabilities and exploits in the most critical systems.
The National CIE Strategy provides guidance on the application of cybersecurity technology across the engineering design lifecycle of grid development. It also ensures that automated systems on the grid are designed to be cybersecure and resilient.
CIE is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system that has digital connectivity, monitoring, or control.
The DOE report offered a series of strategic recommendations for each pillar, including:
1. Leverage the DOE National Laboratories, academia, government partners, and industry to continually improve and expand the applicability of CIE.
2. Create and leverage a CIE Center of Excellence to execute the maturation of CIE.
3. Create and maintain an open-source library of CIE tools, case studies, and lessons that support designers, manufacturers, and asset owners and operators in applying CIE principles.
Next, DOE said it’s incumbent upon stakeholders to form an implementation strategy for the cybersecurity framework.