Dive brief:
- The Department of Energy published a new framework of best practices for securing clean energy cyber supply chains, including key technologies used to manage and operate electricity, oil and natural gas systems.
- The principles outline 10 cybersecurity best practices for suppliers, as well as 10 for consumers, with a focus on risk management, transparency, operational resilience and proactive incident response.
- The Biden administration denounced the growing need for such guidance as the threat of cyber attacks against the energy sector continues to grow from foreign and domestic actors.
Dive insight:
The Energy Department’s Office of Cybersecurity, Energy Security and Emergency Response developed the guidelines with input from manufacturers of industrial control and energy automation systems, as well as the Idaho National Laboratory, which specializes in cybersecurity research.
The department lists 10 areas of good practice for both suppliers and end users. They include priorities such as maintaining vulnerability management processes for vendors that follow industry best practices, as well as providing product support, including security patches and mitigations throughout the lifecycle of an end-user transaction.
For end users, the department encourages including contractual language for “those terms, conditions, and testing requirements that will influence your security outcomes” and working with vendors to fully understand and integrate the appropriate cybersecurity controls and platforms.
The U.S. is not alone in its boosted efforts related to manufacturing cybersecurity — the topic was discussed among leaders at the G7 summit in Apulia, Italy, earlier this month. Officials pledged to “continue discussions” on how to improve cybersecurity resilience in key sectors, including how to improve supply chain security.
“As new digital clean energy technologies are integrated, we must ensure they are cyber-secure to prevent destruction or disruption of services,” National Security Adviser Jake Sullivan said in a June 18 White House statement. “The G7 will work to establish a collective cybersecurity framework for operational technologies for both manufacturers and operators.”
The cyber threat to critical U.S. manufacturing is growing. The sector experienced the second-largest number of cyberattacks among U.S. industries last year at 218, trailing only health care, according to FBI data. On a global scale, almost half of critical manufacturers are at risk of cyberattack, as many organizations lack visibility into their broader business ecosystems to prevent a successful attack.
To combat the increased risk, the Biden administration has taken a growing interest in strengthening U.S. manufacturing and supply chain security. In November, the administration created the White House Council on Supply Chain Resilience, which was formalized at the beginning of this month by executive order.
At the agency level, DOE has been working with energy distributors in recent months to improve cybersecurity. The department created similar “baselines” in February with the aim of improving the security of distribution systems and distributed energy resources.
The department also deployed $30 million in funding in January for research, development and demonstration projects focused on improving the cybersecurity of clean energy resources.
