This is historical material “frozen in time”. The website is no longer updated and links to external websites and some internal pages may not work.

December 20, 2024

Today, the Office of the National Cyber Director (ONCD) released an Energy Modernization Cybersecurity Implementation Plan.

America’s energy landscape is becoming increasingly digitized. New internet-connected technologies enhance the efficiency, performance, safety, and resiliency of the electricity grid. These energy technologies are reducing costs for consumers; elevating the quality and reliability of energy services provided; creating new markets and economic growth opportunities; and improving the environment. But, as highlighted in the Nation’s first Report on the Cybersecurity Posture of the United States, adversaries are continuing to target critical infrastructure. Many of these connected and digitized energy technologies can augment system integrity as compared to legacy systems; at the same time, their introduction can increase the attack surface that adversaries could target. Today, clear opportunities exist to secure American energy infrastructure, at scale, against potential cybersecurity threats.

Securing the next generation of American energy generation, transmission, and distribution requires coordinated action across the government and the private sector. The publication of the Energy Modernization Cybersecurity Implementation Plan (EMCIP) provides a roadmap for this effort to guide the public sector and inform the private sector. The EMCIP outlines 32 high-impact initiatives that the Federal government will carry out to achieve a more secure energy ecosystem. In keeping with ONCD’s commitment to transparency and accountability, each initiative has an identified lead agency with a specific timeline for completion. Twelve agencies have roles in the plan.

The electric grid is undergoing a significant, rapid transformation across a range of next-generation technologies is redefining how the electric system needs to be designed, built, and operated, highlighting the need for cross-cutting solutions. For instance, in the Plan, the Department of Energy is developing a framework to unify cybersecurity standards and guidelines for digital energy infrastructure into guidance that can be implemented by the states. The Office of the Director of National Intelligence is charged with regularly providing intelligence-informed briefings to energy technologies industry groups about the evolving threat landscape. And the Cybersecurity and Infrastructure Security Agency will encourage the procurement of digital energy systems that incorporate secure by design principles throughout their product life cycles.

As our economy electrifies, ensuring cybersecurity is baked in from the outset will be essential for the foundations of our modern energy sector as well as our national competitiveness and economic security.

Linchpin Technologies

Earlier this year the U.S. government identified five linchpin energy technologies for which cybersecurity and resilience improvements could have the highest return on investment and improve the security of the system. The EMCIP includes many initiatives specific to those technologies:

  • Batteries & Battery Management Systems. With properly architected and secured software, both firmware and cloud-based, batteries big and small promise an ambitious energy future that is less constrained by the time or geography of electricity generation.
    • The Department of Energy is integrating battery energy storage systems operators into cybersecurity exercise programs in order to address challenges with the battery ecosystem threat analysis picture not consistently shared with stakeholders.
  • Inverter Controls & Power Conversion Equipment. Inverter controls and power conversion equipment underpin every connection between the electrical grid and distributed energy resources (DERs), such as solar panels, batteries, wind turbines, or hydrogen electrolyzers. When paired with robust cybersecurity, inverters support more sophisticated grid services while promoting greater resilience and lower operating costs across the diverse energy assets of our energy future.
    • The Department of Energy is developing guidance and best practices for the adoption and implementation of tools to increase the cyber posture of operators of network-connected inverters.
  • Distributed Control Systems. Cloud-enabled distributed control leverages network connectivity to enable sophisticated aggregation, coordination, and management at scale. Secure-by-design management software will enable greater operation and coordination of hundreds of thousands of DERs; virtual power plants; transmission and distribution systems; small nuclear reactors; community microgrids; and other innovative energy systems.
    • The Department of Energy is developing testing procedures and verification methodologies for the data requirement and data integration interfaces for advanced distribution management systems, distributed energy resource management systems, microgrid controllers, and other integration software in order to provide industry with clear testing and verification methods for ensuring compliant vendor equipment.
  • Building Energy Management Systems. Advanced building energy management systems improve comfort and well-being through the optimization of heating, ventilation, and cooling systems, as well as lighting systems, and the integration of “behind the meter” energy resources.
    • The Department of Energy is conducting vulnerability assessments for the most commonly-used components and platforms for Building Energy Management Systems.
  • Electric Vehicles (EVs) & Electric Vehicle Supply Equipment (EVSE). Powered by secure and sophisticated distributed energy control systems, digitally-managed EVSE can enable smart charging, by which utilities or consumers can manage the charging schedules of EVs to optimize grid load, reduce energy costs, or maximize alignment with modern energy sources. Similarly, EV batteries can be marshalled to be either local sources of backup electricity or citywide virtual power plants, buttressing systemic resilience.
    • The Joint Office of Energy and Transportation will transition findings from previously completed field testing into a portable test kit that EVSE stakeholders can use to rapidly evaluate the cybersecurity posture of EVSE and EV charging infrastructure based on a cultivated hardware/software platform and provided testing methodology. 

The United States Government will only succeed in implementing the EMCIP through close collaboration with the private sector; civil society; state, local, Tribal, and territorial governments; international partners; and Congress. Federal agencies will collaborate with interested stakeholders to implement the plan and build new partnerships where possible.

###

Scroll to Top Scroll to Top
Top