The Biden-Harris Administration has announced an implementation plan to realise the National Cybersecurity Strategy, which aims to protect investments in rebuilding US infrastructure and develop the clean energy sector.
The newly announced National Cybersecurity Strategy Implementation Plan (NCSIP) – announced via a Washington-issued fact sheet – details over 65 Federal initiatives, from combatting cybercrimes to building a skilled cyber workforce.
The initiatives are grouped under five pillars – Defending Critical Infrastructure, Disrupting and Dismantling Threat Actors, Shaping Market Forces and Driving Security and Resilience, Investing in a Resilient Future, and Forging International Partnerships to Pursue Shared Goals – the fourth of which details the US’ action plan to bolster energy-minded cyber measures.
The Office of the National Cyber Director (ONCD) will coordinate activities under the plan, including an annual report to the President and Congress on the status of implementation.
Strategic objective: ‘Secure Our Clean Energy Future’
Under Investing in a Resilient Future, clean energy cyber resilience initiatives fall under the Secure our Clean Energy Future strategy.
States the National Cybersecurity Strategy: “Our accelerating national transition to a clean energy future is bringing online a new generation of interconnected hardware and software systems that have the potential to strengthen the resiliency, safety, and efficiency of the US electric grid.
“These technologies, including distributed energy resources (DERs), smart energy generation and storage devices, advanced cloud-based grid management platforms, and transmission and distribution networks designed for high-capacity controllable loads are far more sophisticated, automated and digitally interconnected than prior generations of grid systems.”
To protect said systems, under the implementation plan the following initiatives aim to combat and prevent energy sector cyber crimes:
• Drive adoption of cyber secure-by-design principles by incorporating them into federal projects (initiative 4.4.1)
The DOE, working with ONCD and CISA (Cybersecurity and Infrastructure Security Agency), will work with stakeholders to identify and implement cyber secure-by-design pilot projects, identify economic incentives for cyber secure-by-design, identify needed technology vehicles to apply cyber secure-by-design principles and measure progress on national implementation of cyber secure-by-design efforts for critical energy infrastructure.
The DOE will also continue to promote cybersecurity for electric distribution and DERs in partnership with relevant stakeholders.
• Develop a plan to ensure the digital ecosystem can support and deliver the US government’s decarbonisation goals (initiative 4.4.2)
The ONCD will develop a plan to ensure that the digital ecosystem is prepared to incorporate novel technologies and dynamics needed for the energy transition.
Cybersecurity will be built in through the National Cyber-Informed Engineering Strategy, rather than developing a patchwork of security controls after these connected devices are widely deployed.
• Build and refine training, tools and support for engineers and technicians using cyber-informed engineering principles (initiative 4.4.3)
DOE will work with stakeholders to build the National Cyber-Informed Engineering Strategy to advance the training, tools and support for engineers and technicians to enable them to design, build and operate operational technology and control systems that are secure- and resilient-by-design.
Each initiative under the five pillars is assigned to a responsible agency; 18 agencies in total are leading the initiatives.
This is the first iteration of the plan, which is a living document that will be updated annually.