The White House has issued new guidance to enhance cybersecurity within clean energy manufacturing, as the threat of cyberattacks on these supply chains continues to escalate.
A Framework for Cybersecurity
The Department of Energy has unveiled a new set of best practices aimed at securing the cyber supply chains of clean energy. These chains are integral to the operation and management of electricity, oil, and natural gas systems. The framework outlines ten best cybersecurity practices for suppliers and consumers alike, with a focus on risk management, transparency, operational resilience, and proactive incident response. The Biden administration has highlighted the growing need for such guidance as the energy sector faces increasing cyber threats from both domestic and foreign actors.
Collaborative Development and Best Practices
The Office of Cybersecurity, Energy Security, and Emergency Response at the Energy Department developed these guidelines. They collaborated with energy automation and industrial control system manufacturers, as well as the Idaho National Laboratory, which specializes in cybersecurity research. The guidelines include maintaining vulnerability management processes for suppliers that align with industry best practices and providing product support, including security patches and mitigations throughout the lifecycle of an end user transaction. For end users, the department recommends including contractual language that will influence security outcomes and working with suppliers to fully understand and integrate appropriate cybersecurity controls and platforms.
Global Efforts and the Growing Threat
The U.S. is not alone in its efforts to enhance manufacturing cybersecurity. The issue was a topic of discussion among leaders at the recent G7 Summit in Apulia, Italy. Officials committed to “continue discussions” on improving cybersecurity resilience in key sectors, including supply chain security. The threat to U.S. critical manufacturing is on the rise, with the sector experiencing the second highest number of cyberattacks among U.S. industries last year. Globally, nearly half of critical manufacturers are at risk of a cyberattack, with many organizations lacking visibility into their broader business ecosystems to successfully fend off an attack.
Biden Administration’s Response
In response to the heightened risk, the Biden administration has shown increased interest in strengthening U.S. manufacturing and supply chain security. In November, the administration established the White House Council on Supply Chain Resilience, which was formalized earlier this month by executive order. At the agency level, the DOE has been collaborating with energy distributors to enhance cybersecurity. The department also allocated $30 million in funding in January to support research, development, and demonstration projects aimed at improving the cybersecurity of clean energy resources.
