Cybersecurity threats are outpacing the energy sector’s “best defenses,” and costs of preventing and responding to cyber incidents are straining company efforts to protect critical infrastructure, the Department of Energy (DOE) warned as it released a comprehensive five-year cybersecurity strategy for the industry.

The Multiyear Plan for Energy Sector Cybersecurity, dated March 2018 but which was made public by the DOE’s Office of Electricity Delivery and Energy Reliability (OE) on May 14, lays out an “integrated strategy” for the DOE’s new Office of Cybersecurity, Energy Security, and Emergency Response (CESER). It essentially seeks to “gain an upper hand” in the fight against cybersecurity, outlining “disruptive changes in cyber risk management practices.”

Power companies and utilities, along with oil and gas entities, have integrated advanced digital technologies to automate and control physical functions for improved efficiency and adjust to a “rapidly changing generation mix,” but this has created a “larger cyber attack surface and new opportunities for malicious cyber threats,” the plan notes.…

Read More »