Solar

DOE releases a cybersecurity framework with a focus on engineering-based strategies

DOE releases a cybersecurity framework with a focus on engineering-based strategies
The National Renewable Energy Laboratory (NREL) will work with global safety certification firm UL to develop a set of consensus standards for DER and IBR cybersecurity. (Courtesy: NREL)

The U.S. Department of Energy has released what it said is a national strategy to enhance engineering training, tools, and practices to build resilient clean energy systems designed to withstand cyber threats. 

The National Cyber-Informed Engineering (CIE) Strategy, directed by Congress, encourages the incorporation of cybersecurity technology early in the design lifecycle of engineered systems to reduce cyber risks and vulnerabilities including threats by foreign actors.

The strategy is organized into what DOE said are five pillars — Awareness, Education, Development, Current Infrastructure, and Future Infrastructure — and aims to reduce or eliminate cyber vulnerabilities by engineering them out.

“Building a powerful and resilient grid that can withstand the full gamut of modern cyber threats begins at the design level,” said Energy Secretary Jennifer M. Granholm. “Through this strategy, DOE is laying out a framework for ensuring the once-in-a-generation investment from the Bipartisan Infrastructure Law secures our energy sector and delivers a stronger, cleaner electric grid.” 

Subscribe today to the all-new Factor This! podcast from Renewable Energy World. This podcast is designed specifically for the solar industry and is available wherever you get your podcasts.

Enacted into law in 2019, Section 5726 of the National Defense Authorization Act for Fiscal Year 2020 directed the Secretary of Energy to establish a government-industry working group to accomplish a series of tasks, including developing a national cyber-informed engineering strategy to isolate and defend energy infrastructure from security vulnerabilities and exploits in the most critical systems.

The National CIE Strategy provides guidance on the application of cybersecurity technology across the engineering design lifecycle of grid development. It also is intended to ensure that automated systems on the grid are designed to be cyber secure and resilient. 

DOE said that CIE is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system that has digital connectivity, monitoring, or control.

The DOE offered a series of recommendations for each pillar, including:

1. Leverage the DOE national laboratories, academia, government partners, and industry to continually improve and expand the applicability of CIE.

2. Create and leverage a CIE Center of Excellence to execute the maturation of CIE.

3. Create and maintain an open-source library of CIE tools, case studies, and lessons that support designers, manufacturers, and asset owners and operators in applying CIE principles.

DOE called on stakeholders to form an implementation strategy for its cybersecurity framework.