On March 2, 2023, the Biden administration unveiled a new National Cybersecurity Strategy that includes various initiatives to protect U.S. energy infrastructure from attacks. The White House strategy comes on the heels of several high-profile attacks on U.S. substations and at a time when federal regulators have placed increased focus on the security of the U.S. energy grid.
In a White House fact sheet issued last week, the Biden administration stated that the new cybersecurity strategy seeks to build and enhance collaboration around five pillars:
- defending critical infrastructure
- disrupting and dismantling threat actors
- shaping market forces to drive security and resilience
- investing in a resilient future
- forging international partnerships to pursue shared goals
One strategic objective of the strategy is to “Secure [the] Clean Energy Future” of the United States through investment in new energy infrastructure, including distributed energy resources, “smart” energy generation and storage devices, advanced cloud-based grid management platforms, and transmission and distribution networks designed for high-capacity controllable loads. In a Report issued in October 2022, the Department of Energy (DOE) warned that such technologies, while providing potential to improve grid security and resilience, also contained vulnerabilities that could lead to new forms of cyberattack. The Report stated that ransomware, botnets, and worm attacks could serve as entry points to manipulate wider grid operation systems, and it emphasized that grid planners should address cybersecurity risks early in the deployment process of new energy infrastructure technologies. The White House indicates in the strategy that it intends to “seize [the] strategic opportunity to build in cybersecurity proactively … rather than developing a patchwork of security controls after these connected devices are widely deployed.”
To that end, the recently released strategy cited various cybersecurity initiatives focused on grid protection, including the congressionally directed National Cyber-Informed Engineering Strategy, released in June 2022, and other DOE Initiatives such as the Clean Energy Cybersecurity Accelerator and the Energy Cyber Sense program.
This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.