DOE 'totally focused' on cyber, says Energy secretary

The Energy secretary said DOE is committed to getting industry partners the tools, the intelligence and cyber response they need to address today's threats.

In fiscal year 2022, the Department of Energy’s research programs will prioritize cybersecurity, according to Secretary Jennifer Granholm

Responding to suggestions in a House Appropriations subcommittee hearing that DOE was not paying sufficient attention to cybersecurity in the way of high-profile attacks, Granholm stressed that DOE and its industry partners “are totally focused on it.”

In the hearing, Rep. Mike Simpson (R-Idaho), the subcommittee's ranking member, said the DOE's budget overview lacked any mention of cybersecurity.

"I was concerned to see not a single mention of cybersecurity in the DOE's budget overview," he said. "Cyber threats like these are persistent and increasing. As our world becomes more reliant on Internet-connected capabilities and technologies, we know that the cybersecurity challenge in front of us will increase in scope."

Simpson cited the hacking campaign against SolarWinds, the notable uptick in ransomware and the intrusion into a Florida community's water treatment plant that nearly resulted in the town's water supply being poisoned with dangerous levels of lye.

“I am completely committed to getting [industry partners] and us the tools and the intelligence and the cyber response that they need to address the threats that are out there," Granholm said.

Granholm said she is refocusing the Energy Department's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) on providing grid operators with threat intelligence and response capabilities. "I'm also going to be making sure that cyber R&D is a focus for all of our technology programs," she added.

In written testimony, the secretary also noted a 100-day plan announced by the White House in April to shore up the country's electrical grid.

The secretary also touted the April 12 hiring of Puesh Kumar, who led cybersecurity engineering at Southern California Edison, to head CESER on an acting basis.

Cybersecurity regulations can vary based on industrial sectors. For the water and wastewater treatment industry -- such as the Florida facility compromised earlier this year -- the Environmental Protection Agency is responsible for cybersecurity regulations. For the electrical industry, it falls to DOE.

In the aftermath of multiple cybersecurity incidents this past year, Biden administration officials have responded with their own flurry of efforts from various departments and agencies. The 100-day DOE plan to assess the country's grid is only one of those efforts.

This article was first posted to FCW, a sibling site to Defense Systems.