DOE allocates $30 million to shore up clean energy cybersecurity

The Department of Energy (DOE) announced $30 million to advance the research, development and demonstration (RD&D) of cybersecurity solutions that can protect distributed energy resource (DER) systems from cyber attacks. 

“America’s energy delivery infrastructure is critical to our overall national and economic security,” said David Crane, the DOE under-secretary for infrastructure. “This funding will drive the development of next-generation cyber technologies that keep our nation at the forefront of innovation while protecting our energy infrastructure from increasing cyber threats. This work could not be more important or timely as our nation transitions to the clean energy economy.”

The initiative will be funded by The Office of Cybersecurity, Energy Security and Emergency Response (CESER), which is looking for ways to detect and mitigate cyber threats to DER. The DOE states that CESER will likely award ten proposals, each earning up to $3 million in federal funding. 

Topic areas include: 

• Improving forensic analysis capabilities of infected renewable energy field devices. 

This includes components, smart meters, sensors and control systems distributed across unprotected areas. The DOE suggests improving the ability to understand what systems were affected and how data was manipulated or stolen can help decrease the risk of an attack happening again. 

• Identifying and mitigating cyber threats to inverter-based resources (IBR)

Examples include wind and solar generation technology and energy and battery storage systems. The DOE states that IBRs are becoming increasingly popular for cyberattacks, as hackers can infect a power grid through digital communication systems, according to research published by Washington State University, Virginia Polytechnic Institute and State University USA. The report states that multiple electricity customers can experience long power cuts in severe cases. 

• Improving the communications security of DERs and Distributed Energy Resource Aggregations (DERA).

Ensuring secure communications between DERs, DERA and the electric grid at large is critical to guaranteeing grid stability. Potential risks for cyberattacks here could occur if a hacker leveraged ransomware to control several DERs or conducted a supply chain attack on an aggregator to manipulate the operation of DERs. 

• Strengthening the cybersecurity of virtual power plants (VPP). 

As VPPs become more efficient and affordable, it’s essential to continue research, development and demonstration to reduce the cyber risk of hackers breaching these cloud-based systems.

According to DNV, an independent assurance and risk management provider employed in over 100 countries, energy is one of the top three industries reporting cyber attacks.

“Our research identifies ‘remote access to operation technology (OT) systems’ among the top three methods for potential cyber-attacks on the energy industry. We would urge the sector to pay greater attention to ensuring that equipment vendors and suppliers demonstrate compliance with security best practices from the earliest stages of procurement,” said Jalal Bouhdada, Founder and CEO at Applied Risk, an industrial cyber-security firm acquired by DNV in 2021.  

This funding opportunity aligns with the Investing in America Agenda, which intends to build resilient energy infrastructure capable of reaching U.S. 2030 and 2050 targets for clean energy and the climate.