Citing increased threat, DOE launches a 100-day cyber security initiative


The U.S. Department of Energy (DOE) launched an 100-day initiative to enhance the cybersecurity of electric utilities’ industrial control systems (ICS) and secure the energy sector supply chain.

The initiative involves DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). It aims to advance actions to confront cyber threats from adversaries that seek to compromise critical systems that are essential to U.S. national and economic security.

“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” said Secretary of Energy Jennifer M. Granholm.

DOE also said that following a 90-day suspension, EO 13920 resumes effect. The Executive Order was signed in May 2020 by President Trump and restricted the import of certain pieces of bulk power system electrical equipment.

(Read “‘We have a real adversary’: Work intensifies to safeguard solar from cyber attacks.”)

The initiative encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities. It includes milestones over the next 100 days for owners and operators to identify and deploy technologies and systems that enable near real-time situational awareness and response capabilities in critical ICS and operational technology (OT) networks.

It also is intended to reinforce and enhance the cybersecurity posture of critical infrastructure information technology  networks; and includes a voluntary industry effort to deploy technologies to increase visibility of threats in ICS and OT systems.

DOE also released a new Request for Information (RFI) to seek input from electric utilities, energy companies, academia, research laboratories, government agencies, and other stakeholders to inform future recommendations for supply chain security in U.S. energy systems.

DOE said that comments received in response to the RFI will enable it to “evaluate new executive actions to further secure the nation’s critical infrastructure against malicious cyber activity” and strengthen the domestic manufacturing base. DOE said that it expects utilities to “continue to act in a way that minimizes the risk of installing electric equipment and programmable components that are subject to foreign adversaries’ ownership, control, or influence.”

This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: