On April 20, 2021, the Department of Energy (DOE) launched a 100-day plan to increase the cybersecurity of electric utilities’ industrial control systems (ICS) and protect the electric grid as a part of the Biden administration’s effort to safeguard critical infrastructure in the U.S against threats.[1] The initiative is a coordinated effort between the DOE, the electric industry, and the Cybersecurity and Infrastructure Security Agency (CISA). In partnership with electric utilities, the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) will advance technologies and systems that will provide cybersecurity capabilities for ICS of electric utilities. The 100-day plan will encourage the implementation of measures or technology that “enhance their detection, mitigation, and forensic capabilities;” include milestones throughout the initiative for identification and deployment of technologies and systems that facilitate near real-time situational awareness and response capabilities in ICS and operational technology (OT) networks; reinforce the cybersecurity of critical infrastructure information technology networks; and include a “voluntary industry effort” to improve threat visibility in ICS and OT systems.
The DOE also released a new Request for Information (RFI) to seek stakeholder recommendations for supply chain security in U.S. energy systems. In addition, the DOE announced that it is revoking the "Prohibition Order Securing Critical Defense Facilities.” The prohibition order, which the Trump administration issued in 2020, blocked utilities that supply critical defense facilities from procuring certain types of bulk power system equipment from China.
[1] https://www.energy.gov/articles/biden-administration-takes-bold-action-protect-electricity-operations-increasing-cyber-0