The Department of Energy is placing an increased emphasis on public-private partnerships to combat future cybers threats to critical infrastructure operational technology (OT), according to written testimony from a department official to a House energy panel.

A House Energy and Commerce oversight subcommittee hearing on Friday to examine the DoE’s role in establishing cyber security standards for national infrastructure was postponed. 

Bruce Walker, assistant secretary for DoE’s Office of Electricity Delivery and Energy
Reliability, was scheduled to testify. His written testimony was available even though the hearing did not take place. 
iStock Cyber Lock

“Cyber security and the resilience of the energy sector are top priorities of the Secretary and a major focus of the Department,” Walker wrote in his prepared written testimony to the oversight subcommittee.

Cyber adversaries continue to target the energy sector due to the high-level assets of data contained within electrical, oil and natural gas sector controls, according to Walker.

DoE has seen an increase interested in exploiting vulnerabilities in infrastructure OT, specifically industrial control systems, programmable logic controls and data acquisition software.

“The heavy use of OT systems has made electric utilities, oil and natural gas providers, hydro and nuclear facilities, and water utilities prime targets for OT-related cyber-attacks.The disruption of any one of these is not only inherently problematic, it also hampers the ability to respond to any type of emergency event,” Walker said.

With industry partners owning and operating around 85 percent of critical infrastructure in the U.S., department officials are pursuing public-private partnerships as a foundational aspect for infrastructure cyber security.

“The Federal government does not own or operate the vast majority of the assets in the Nation’s energy sector, nor does DoE hold a monopoly on protecting the Nation’s critical infrastructure from cyber threats. As such, strong partnerships throughout the public and private sectors and with our Federal colleagues at DHS and other law enforcement and national security-oriented agencies are essential to function effectively” Walker wrote in his prepared remarks.

The department’s Cybersecurity Risk Information Sharing Program (CRISP) is a major component of an effort to facilitate stronger partnerships within the electricity subsector.

CRISP utilizes DoE’s developed sensors and threat analysis capabilities to coordinate threat sharing and situational awareness exercises with its private sector partners.

“In recent years, DoE has done a commendable job as the [Sector Specific Agency] for the energy sector, especially with the electricity subsector,” the subcommittee wrote in its prepared briefing on the hearing. “Through executive-level engagement and commitment, both from the Department and industry partners, the subsector has developed significant trust, collaboration, and unity of message between public and private partners.”

The oversight subcommittee also plans to discuss how the department plans on utilizing private sector partners to address the increased attack vector that comes with modernizing grid infrastructure.

“DoE is committed to continue building on its years of coordinating with and fostering vital energy sector relationships with our Federal partners, as well as investing in technologies to enhance security and resilience in order to support industry efforts to respond to, and recover quickly from, all threats and hazards,” writes Walker.

There is currently no new date set for the oversight subcommittee hearing.