DoE Releases Supply Chain Cyber Guide
Building in Protections During Product Design, Manufacturing
The Department of Energy has released new guidance to help strengthen energy delivery system cybersecurity.
The guidance, Cybersecurity Procurement Language for Energy Delivery Systems, provides strategies and suggested language to help the U.S. energy sector and technology suppliers build in cybersecurity protections during product design and manufacturing.
"As the cybersecurity landscape continues to evolve, new threats, technologies, techniques, practices and requirements may need to be considered during the energy sector procurement process," the guidance says. "This document will also need to evolve to meet the challenges of this changing landscape."
The guidance provides baseline cybersecurity procurement language for the following:
- Individual components of energy delivery systems (e.g., programmable logic controllers, digital relays or remote terminal units);
- Individual energy delivery systems;
- Assembled or networked energy delivery systems.
"The Energy Department is committed to building a stronger and more secure electric grid through partnerships with industry, state and local governments and other federal agencies," says Energy Secretary Ernest Moniz. "As we deploy advanced technologies to make the U.S. power grid more reliable and resilient, we must simultaneously advance cybersecurity protections. The cybersecurity guidance ... will help industry further strengthen these technologies and protect our critical energy infrastructure."
White House Cybersecurity Coordinator Michael Daniel says managing supply chain risk is a key cybersecurity challenge. "This new guidance is a great example of the Administration's continued emphasis on building a strong partnership between industry and government," he says. "These efforts have produced tangible results, including this resource, which will enable organizations to use the principles in the new cybersecurity framework to address supply chain considerations."
