As the threat of cyber attack continues to grow and evolve, strengthening the cybersecurity of our critical energy infrastructure is vital. The Energy Department is working closely with our federal, state and industry partners to protect the nation’s energy critical infrastructure, including the electric power grid. Adapting to a changing cyber landscape is critical as the threat of attack grows.
Keeping the power flowing is a shared responsibility that requires commitment, innovation and the ability to respond quickly. Because most of the energy critical infrastructure such as electricity transmission lines and oil pipelines is owned and operated by private industry, partnerships are essential.
The Department’s release this week of new tools that help organizations measure and improve their own cyber capabilities is the latest example of our close collaboration with our partners to improve the security and resiliency of the nation’s energy delivery system. Since the Cybersecurity Capability Maturity Model (C2M2) was launched in 2012 as part of a White House initiative led by the Energy Department and developed with the Department of Homeland Security, industry and other stakeholders, the program has grown beyond the electric sector to include the oil and natural gas industry. For the first time, we are now also releasing a version of the model that can be used by any business or organization.
This week also marks another important milestone. One year ago, the President directed the National Institute of Standards and Technology (NIST) to work with stakeholders to develop a voluntary framework for reducing cyber risks to all critical infrastructure. Over the past year, the Energy Department has collaborated with the energy sector on improvements to the NIST Cybersecurity Framework by participating in workshops and providing formal comments through the Federal Register process. We are now engaging the electricity and oil and natural gas sector coordinating councils on implementation guidance for the framework, leveraging the expertise of the organizations that provide reliable energy services to the nation. The Department will provide updates as consensus is reached on energy sector implementation guidance for the framework, and will leverage the C2M2 to further facilitate the energy sector’s framework implementation.
The Energy Department also continues to invest in critical cybersecurity research and development to provide the energy industry with technology options it can use to help protect energy infrastructure. Since 2010, the Department has invested more than $100 million in cybersecurity research and development through awards to industry, universities and national laboratories. In September, the Department invested an additional $30 million for the development of new tools and technologies to strengthen the nation’s energy delivery infrastructure and protect it from cyber attack. The Department also works with federal partners and the private sector to promote best practices for cyber and physical security and improve incident response.
This is a complex challenge that requires continued action on multiple fronts. We remain committed to working closely with our partners to make continued progress and meet that challenge.