DOE cybersecurity principles seek to fortify energy supply chain

June 21, 2024

The U.S. Department of Energy has released a set of Supply Chain Cybersecurity Principles designed to secure the global energy supply chain against an array of cyber threats.

Developed in collaboration with U.S. allies abroad, the Idaho National Laboratory and private industry partners, the principles are an attempt to establish best practices for cybersecurity throughout the supply chain, providing a framework to strengthen technologies used to manage and operate electric grids, renewable energy, oil, and natural gas systems worldwide.

“As we build our clean energy future, it is critical that we incorporate strong cybersecurity protections,” U.S. Deputy Secretary of Energy David Turk said in a press release. “Together with our G7 allies, we’re helping ensure energy infrastructure worldwide is more reliable and resilient against tomorrow’s threats and challenges.”

The energy sector is indispensable to modern life, powering technology, homes, businesses, and critical infrastructure. However, the increasing digitalization and interconnectivity of energy systems has also made them more vulnerable to cyber threats. Cyber attacks on energy infrastructure can have severe consequences for the energy supply, economy, and public safety.

For example, in May 2021, a ransomware attack forced Colonial Pipeline, which supplies about 45% of the East Coast’s fuel, to shut down operations for several days. This led to fuel shortages and price spikes. The energy sector is also undergoing rapid change as it transitions toward new technologies, such as renewable energy sources and microgrid systems.

The Supply Chain Cybersecurity Principles cover 10 key areas with different definitions for energy suppliers and end users. The key areas are:

  • Impact-driven risk management.
  • Framework-informed defenses.
  • Cybersecurity fundamentals.
  • Secure development and implementation.
  • Transparency and trust-building.
  • Implementation guidance.
  • Lifecycle support and management.
  • Proactive vulnerability management.
  • Proactive incident response.
  • Business and operational resilience.

Shared responsibility throughout

The energy supply chain is a complex network of oil and gas companies, equipment suppliers, midstream pipeline operators, power plant operators, renewable energy, power line transmission operators and utility service providers, each playing a vital role in ensuring the security of the resulting infrastructure. The DOE’s principles emphasize the need for a shared responsibility, with both suppliers and end-users working together to enhance security throughout the supply chain.

For suppliers of energy and equipment used in production, the principles encourage companies to consider potential risks at every stage, from initial design to customer use. This includes following established cybersecurity guidelines and industry-specific standards in energy extraction and equipment manufacturing. Suppliers should also be transparent about their products’ security features and potential vulnerabilities.

On the user side, the principles recommend users work closely with suppliers to fully understand the security features of the products they’re using. This includes spelling out specific security requirements in contracts. Users should also plan for the long term, keeping their systems up-to-date and regularly checking for potential weaknesses. The principles stress the need for a response plan during a cyber attack, ensuring that threats can be quickly neutralized.

 “Energy systems around the world face continuous cyber attacks and are vulnerable to disruption. As new digital clean energy technologies are integrated, we must ensure they are cyber secure to prevent destruction or disruption in services,” White House national security adviser Jake Sullivan said in a statement. Sullivan added that in working together with its allies, the United States is “committed to taking critical action to strengthen the cybersecurity of the global supply chain of key technologies used to manage and operate electricity, oil, and natural gas systems across the world.”

Photo by Nikola Johnny Mirkovic on Unsplash

Don't Miss

Massive support, funding now available to improve supply-chain networks

New opportunities for multimodal freight, rail, and port projects are
A hospital hallway.

New hospitals greenlit for Amarillo, Wichita Falls

The Texas Health and Human Services Commission (HHSC) is searching