Resiliency of U.S. Electrical Infrastructure Gains Attention

Key Takeaways:

• DOE’s CESER office announced new programs to guard against threats to the U.S. energy sector, which include supply chain testing, electromagnetic and geomagnetic interference solutions, and cybersecurity talent and research.
• Biden’s American Jobs Plan calls for $100B to modernize the U.S. power infrastructure by strengthening the resiliency of the transmission system and promoting clean electricity.
• Despite these, a recent GAO report found DOE must take additional steps to reduce risks to the grid’s distribution system and protect from cyberattacks and potentially detrimental impacts.

Recognizing the need to elevate the DOE’s energy security responsibilities, the agency created the Office of Cybersecurity, Energy Security and Emergency Response (CESER) in 2018 to protect the nation’s critical power infrastructure against increasing threats. Since then, the office has taken a number of steps to train personnel, coordinate with stakeholders, and prepare for and manage impacts to the energy sector.

In March, the office announced three new cybersecurity programs to bolster the resiliency of the U.S. energy system:

• A supply chain program utilizing advanced analytics and test energy sector digital tools for security issues, strengthening the hardware and software within industrial control systems to stave off bad actors
• Test and assessment of system vulnerabilities to electromagnetic and geomagnetic interference through nine pilot projects to anticipate risks produced by such attacks
• New funding to support partnerships and new talent to develop next generation cybersecurity technologies

Garnering even more attention from the new administration, modernization of the nation’s power infrastructure is part of Biden’s new American Jobs Plan. The plan calls for $100B to expand and strengthen the electric transmission system, and spur jobs, incentives, generation and storage of clean energy. A sound electrical infrastructure is key in Biden’s clean energy goals.

Aside from CESER and the new administration, the GAO is also paying attention to the strength of the electrical grid. In a recent report, the government’s watchdog reviewed cybersecurity of grid distribution systems. The grid is comprised of three functions: generation and storage, transmission and distribution.

The GAO found that distribution systems are now, more than ever, susceptible to cyberattacks, largely due to increased reliance on remote monitoring and control technologies. Moreover, other grid vulnerabilities stem from legacy systems designed without cyber protections, and security conflicts in the design and operation of systems. Though it seems cyberattacks on distribution systems may result in more localized impacts, the GAO found that the scale of impact on those systems remains unclear and faulted DOE for not thoroughly addressing risks to grid distribution systems from cyberattacks in its plans. While DOE’s plans do address some elements of risk, it does not address the vulnerabilities associated with internet-accessible industrial control system devices and networked consumer devices.

Specifically, the GAO states, “Unless DOE more fully addresses risks to the grid’s distribution systems from cyberattacks, including their potential impacts, in its plans to implement the national cybersecurity strategy for the grid, the updated documents will likely be of limited use in prioritizing federal support to help states and industry improve grid distribution systems’ cybersecurity.”

DOE agreed with the GAO’s findings and recommendation, highlighting two research projects that will advance the cybersecurity of distribution systems.