The U.S. Department of Energy this week announced its strategy to reduce cyber risks in the energy sector and outlined its goals, objectives and activities for the next five years.
With the energy sector increasingly targeted by threat actors, the Energy Department is concerned that attackers may be able to cause a large and prolonged energy disruption. In an effort to improve the cybersecurity and resilience of energy services, the agency has created the DOE Multiyear Plan for Energy Sector Cybersecurity, which is meant to provide a foundation for the recently launched Office of Cybersecurity, Energy Security, and Emergency Response (CESER).
The plan focuses on three main goals: strengthening cybersecurity preparedness, coordinating incident response and recovery, and accelerating research, development and demonstration (RD&D) for resilient energy delivery systems (EDS).
When it comes to strengthening preparedness, the DOE’s objectives include enhancing information sharing and situational awareness capabilities, strengthening risk management capabilities, reducing supply chain vulnerabilities, and developing and improving information sharing tools. This last objective includes the development of a virtual crowdsourced malware forensic analysis platform.
As for incident response and recovery, the Energy Department wants to establish a coordinated national incident response capability, conduct training for emergency responders and improve the incident reporting process, and conduct exercises.
The DOE’s third goal is to accelerate “game-changing RD&D” of resilient EDS, including for detecting, preventing and mitigating cyber incidents. The organization also wants tools and technologies that can anticipate future attack scenarios, and the development of systems and components that are cybersecurity-aware and capable of automatically handling cyberattacks.
“The DOE will be updating the Cybersecurity Capability Maturity Model (C2M2). The market has changed since it was published in February 2014,” commented Michael Magrath, director of global regulations & standards at VASCO Data Security. “We anticipate DOE will incorporate NIST’s Digital Identity Guidelines (SP 800-63-3), refreshed in 2017 and advance risk-based, biometric adaptive authentication technologies to protect the nation’s energy sector.”
“We welcome the DOE raising awareness around critical threats to the energy sector and laying out a strategy,” said Ray DeMeo, COO at Virsec. “While the strategy pillars are sound, making them actionable will be challenging – largely in view of the inertia behind legacy systems. It’s critical that we invest with speed and agility, and the roadmap’s goal to accelerate game-changing RD&D of resilient systems stands out. The administration’s funding request for $96 million is hopefully just a down payment, because protecting our infrastructure adequately will cost billions.”
Related: Energy Regulator Acts to Improve Power Grid Security
Related: U.S. Energy Department Offers $25 Million for Cybersecurity Tech
Related: U.S. Energy Firm Fined $2.7 Million Over Data Security Incident

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- GitHub Suspends Repository Containing Leaked Twitter Source Code
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
