Download this article in PDF format.
A new $45 million cash infusion is being funneled to 16 projects across six states with the goal of preventing cyberattacks and reducing energy disruptions created by cyber incidents. In support of President Joe Biden’s Investing in America agenda, the U.S. Department of Energy (DOE) recently announced the new projects, which include power grid, electric utilities, pipelines and renewable energy generation sources like wind or solar.
“DOE is committed to strengthening the nation’s energy sector, including protecting it against current or emerging cyber threats that would threaten Americans’ access to secure, reliable energy,” said U.S. Secretary of Energy Jennifer M. Granholm in a press release. “With today’s announcement, the Biden-Harris Administration is helping teams across the country develop innovative next-generation cybersecurity solutions for tackling modern day challenges.”
CYBERSCOOP says the $45 million investment comes on the heels of Volt Typhoon, a China-linked hacking group that may have been targeting critical U.S. infrastructure. “The administration has devoted billions toward improving the resiliency of the energy sector through the bipartisan infrastructure bill,” the publication adds. “The national cybersecurity strategy pointed to clean energy resilience, in particular, as the grid undergoes modernization efforts.”
Key Projects
DOE says its new round of funding will address a wide range of current and emerging cyberthreats facing energy systems from generation through delivery. “Accelerating investments in cybersecurity is critical to achieving President Biden’s ambitious clean energy and climate goals and essential to ensuring a secure, reliable energy supply for American families and businesses,” it adds.
DOE is partnering with industry stakeholders, vendors, national laboratories and academic institutions to tackle some of the most pressing issues in energy cybersecurity. Some of the selected projects include:
- Electric Power Research Institute, Inc. (EPRI) (Palo Alto, Calif.) will develop an advanced artificial intelligence (AI) and data processing capability to detect and respond to cybersecurity incidents in control system endpoints at the grid edge.
- General Electric, GE Research (Niskayuna, N.Y.) will develop an innovative ability using quantum communication to securely communicate time-sensitive coordination messages that are important to the resiliency of the power grid.
- Georgia Tech Research Corporation (Atlanta) will develop “DerGuard,” a framework utilizing AI techniques for automated vulnerability assessment, discovery and mitigation in distributed energy resources (DER) devices.
- Texas A&M University-Kingsville (Kingsville, Tex.) will research, develop and demonstrate a zero-trust authentication mechanism with post-quantum cryptography to reduce the cyber-physical security risks to DER devices and networks.
- Iowa State University of Science and Technology (Ames, Ia.) will develop technical solutions to be incorporated within the initial stages of a future DER-integrated grid infrastructure development lifecycle for a more resilient operation of critical control functions.
Better Port Security Ahead
In other cybersecurity news, President Biden recently signed an executive order creating a federal rule aimed at better securing the nation’s ports from potential cyberattacks, AP reports. The administration has outlined cybersecurity regulations that port operators must comply with across the country, not unlike standardized safety regulations that seek to prevent injury or damage to people and infrastructure.
Nationwide, ports employ roughly 31 million people and contribute $5.4 trillion to the economy, and could be left vulnerable to a ransomware or other brand of cyberattack, the publication reports. The standardized set of requirements is designed to help protect against that.
“The new requirements are part of the federal government’s focus on modernizing how critical infrastructure like power grids, ports and pipelines are protected as they are increasingly managed and controlled online, often remotely,” AP says. “There is no set of nationwide standards that govern how operators should protect against potential attacks online.”
