The US Department of Energy has released its Multi-Year Plan for Energy Sector Cybersecurity to help make US energy systems more resilient and secure. The plan includes:
- boosting threat-sharing with the private sector, including a malicious code repository and exchange
- curbing supply-chain risk, and
- accelerating research and development to make energy systems more resilient to hacking.
Also, the plan serves as a roadmap for the new Office of Cybersecurity, Energy Security, and Emergency Response, for which The Administration has requested $96 million in the 2019 US Federal budget. In response, two experts on Federal cybersecurity issues offer perspective.
Michael Magrath, Director, Global Regulations & Standards at VASCO Data Security:
“The DOE will be updating the Cybersecurity Capability Maturity Model (C2M2). The market has changed since it was published in February 2014. We anticipate DOE will incorporate NIST’s Digital Identity Guidelines (SP 800-63-3), refreshed in 2017 and advance risk-based, biometric adaptive authentication technologies to protect the nation’s energy sector.”
Ray DeMeo, Chief Operating Officer at Virsec:
“We welcome the DOE raising awareness around critical threats to the energy sector and laying out a strategy. While the strategy pillars are sound, making them actionable will be challenging – largely in view of the inertia behind legacy systems. It’s critical that we invest with speed and agility, and the roadmap’s goal to accelerate game-changing RD&D of resilient systems stands out. The administration’s funding request for $96 million is hopefully just a down payment, because protecting our infrastructure adequately will cost billions.”