The US Department of Energy (DOE) has announced a new investment of $45 million to support 16 projects across six states that aim to protect the nation’s energy sector from cyberattacks and improve its resilience. The projects will develop new tools and technologies that can prevent, detect, and respond to cyber incidents that could disrupt the supply and delivery of energy.

Cybersecurity Challenges and Opportunities for the Energy Sector

The energy sector is a critical infrastructure that provides power to homes, businesses, and communities across the country. However, it also faces increasing and evolving cyber threats that could compromise its security and reliability. Cyberattacks can cause significant damage to energy systems, such as the power grid, electric utilities, pipelines, and renewable energy sources, and affect the economy, the environment, and the health and safety of Americans.

To address these challenges, the DOE has launched several initiatives and programs to enhance the cybersecurity of the energy sector and support its transition to a clean and resilient energy future. One of these initiatives is the Cybersecurity for Energy Delivery Systems (CEDS) program, which is managed by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). The CEDS program funds research, development, and demonstration (RD&D) projects that partner with industry stakeholders, vendors, national laboratories, and academic institutions to create innovative solutions for energy cybersecurity.

The new investment of $45 million is part of the CEDS program and will support 16 projects that will focus on developing next-generation cybersecurity tools and technologies for the energy sector. These projects will address a wide range of current and emerging cyber threats and challenges, such as:

• Automated cyberattack prevention and mitigation
• Security and resiliency by design
• Cyber-physical system integration and protection
• Cybersecurity risk assessment and management
• Cybersecurity workforce development and training
• Cybersecurity information sharing and collaboration

Examples of Selected Projects and Their Potential Impacts

The 16 projects selected for funding are expected to deliver cutting-edge solutions that will help the energy sector improve its cybersecurity posture and capabilities. Some examples of these projects and their potential impacts are:

• Electric Power Research Institute, Inc. (EPRI) (Palo Alto, CA) will develop an advanced artificial intelligence (AI) and data processing capability to detect and respond to cybersecurity incidents at control system endpoints at the grid edge. This project will help protect distributed energy resources, such as solar panels and battery storage, from cyberattacks and enable their integration into the grid.
• Idaho National Laboratory (INL) (Idaho Falls, ID) will develop a cybersecurity-by-design framework and toolkit that will help energy system developers and operators incorporate cybersecurity and resilience features into their technologies and processes. This project will help reduce the cyber vulnerabilities and risks of energy systems and enhance their performance and reliability.
• The University of Illinois at Urbana-Champaign (UIUC) (Urbana, IL) will develop a cyber-physical system integration and protection platform that will enable the secure and resilient operation of hybrid energy systems, such as microgrids and integrated energy systems. This project will help optimize the energy efficiency and flexibility of hybrid energy systems and protect them from cyberattacks and physical disturbances.
• Pacific Northwest National Laboratory (PNNL) (Richland, WA) will develop a cybersecurity risk assessment and management framework and toolset that will help energy system owners and operators identify, prioritize, and mitigate cyber risks and vulnerabilities. This project will help improve the cybersecurity awareness and decision-making of energy system stakeholders and support the implementation of cost-effective and risk-informed cybersecurity measures.
• The University of Texas at San Antonio (UTSA) (San Antonio, TX) will develop a cybersecurity workforce development and training program that will provide online and hands-on learning opportunities for energy sector professionals and students. This project will help address the cybersecurity skills gap and workforce shortage in the energy sector and enhance the cybersecurity knowledge and competencies of energy sector personnel.
• The National Rural Electric Cooperative Association (NRECA) (Arlington, VA) will develop a cybersecurity information sharing and collaboration platform that will enable energy sector utilities, especially rural electric cooperatives, to exchange cyber threat intelligence and best practices. This project will help improve situational awareness and collective defense of the energy sector and foster a culture of cybersecurity collaboration and coordination.

A Step Forward for Energy Cybersecurity and Innovation

The new investment of $45 million is a significant step forward for energy cybersecurity and innovation in the US. It demonstrates the DOE’s commitment and leadership in supporting the energy sector’s cybersecurity needs and goals and advancing the President’s agenda for investing in America’s infrastructure and clean energy future. It also reflects the DOE’s vision and strategy for creating a secure, resilient, and reliable energy system for all Americans.

The 16 projects selected for funding will leverage the expertise and experience of a diverse and collaborative network of energy sector partners and stakeholders. They will also contribute to the creation and acceleration of new cybersecurity tools and technologies that will help the energy sector address its current and future cyber challenges and opportunities. By doing so, they will help ensure the security and resilience of the nation’s energy sector and the well-being of its people.