August 9, 2024
The Biden-Harris Administration’s Investing in America agenda is driving the largest clean energy investment in history, unleashing a manufacturing and deployment boom that has attracted hundreds of billions of dollars in private sector investment, created more than 270,000 new good-paying jobs, and is lowering home energy costs and utility bills for families across the country. The digitally enabled capabilities that modern energy resources unlock also promise to drive a more ambitious future of abundant, affordable, clean, reliable and resilient energy.
Opportunities provided by clean energy innovations can include extracting more performance from existing infrastructure to reduce material costs; boosting the deliverability of low cost and new energy sources to customers; increasing the efficiency of our electric grid which lowers electricity costs to consumers; improving the reliability of assets and systems through better forecasting and optimized control; revolutionizing our transportation infrastructure with a wider range of rapid travel options; and improving resilience to enable rapid recovery from extreme weather in an era of changing climate conditions.
As these new technologies are designed, developed, and deployed, the Biden-Harris Administration is working alongside stakeholders to further strengthen our digital and energy ecosystems, including using innovative new methods for mitigating sources of risk to our critical infrastructure. These technologies are often powered by new entrants to the field, with nimble startups and novel contributors spurring innovation alongside more established energy actors. This increasingly diverse group of stakeholders requires deep coordination and coherence to drive comprehensive resilience across the energy transition.
Many of these newer solutions are built on modern technology frameworks that, if manufactured and deployed with Secure by Design and Default principles, will increase system resilience and build a long-lasting foundation for a more ambitious energy future. The convergence of network-based information technology (IT) and physical process management operational technology (OT) is elevating the centrality of software to this transition. The U.S. Government is working to identify and scale the collaboration necessary to integrate these diverse considerations, enhance security across the energy ecosystem, and build deep and durable intuition for both digital opportunities and cyber risks across the public and private sectors.
In support of these efforts and pursuant to the National Cybersecurity Strategy’s (NCS) commitment to the cyber-enabled foundations of the energy transition, NCS Implementation Plan version 2.0’s Initiative 4.4.4, and Executive Order 14008 on Tackling the Climate Crisis at Home and Abroad, the White House Offices of the National Cyber Director (ONCD) and Domestic Climate Policy (CPO) are chairing a whole-of-government effort to ensure the digital ecosystem is prepared to deliver a secure energy future.
The Biden-Harris Administration is committed to ensuring the digital ecosystem remains prepared for today’s and tomorrow’s challenges, and is placing additional focus on five cyber-enabled technologies key to the near-term energy transition:
- Batteries & Battery Management Systems. Batteries are poised to be foundational engines of the energy transition. They are enabling utility-scale storage of solar energy for nighttime dispatch, strengthening resilience and flexibility for commercial and residential owners of on-site battery packs, and enabling cleaner and more affordable transportation from buses to cars to e-bikes. With properly architected and secured software, both firmware and cloud-based, batteries big and small promise an ambitious energy future less constrained by the time or geography of electricity generation.
- Inverter Controls & Power Conversion Equipment. These serve a simple function with profound import: converting power from direct current to alternating current, and vice versa. This process underpins every connection between the electrical grid and many distributed energy resources, be they solar panels, batteries, wind turbines, or hydrogen electrolyzers. Modern smart inverters are equipped with advanced computing and networking capabilities, and when paired with robust cybersecurity, can support more sophisticated grid services while promoting greater resilience and lower operating costs across the diverse energy assets of our energy future.
- Distributed Control Systems. As the energy transition continues to transform electricity generation, transmission and distribution, and storage assets into a more diverse, diffuse, and digitally interconnected ecosystem, cloud-enabled distributed control will leverage these assets’ network connectivity to enable sophisticated aggregation, coordination, and management at scale. Secure-by-design management software will enable greater operation and coordination of hundreds of thousands of distributed energy assets, virtual power plants, community microgrids, and other innovative energy systems, while integrating advanced cybersecurity control technologies.
- Building Energy Management Systems. Software-defined resource management is transforming our energy ecosystem from both the top-down as well as the bottom up, with the Internet of Things and computer-based facility controls proliferating across our built environment. Advanced building energy management systems are improving comfort and well-being through the optimization of heating, ventilation, and cooling (HVAC) systems, lighting systems, and the integration of “behind the meter” distributed energy resources like rooftop solar panels, on-site batteries, and generators.
- Electric Vehicles (EVs) & Electric Vehicle Supply Equipment (EVSE). Electric vehicles and associated grid-integrated charging equipment (or EVSE) promise benefits beyond cheaper, cleaner, and more flexible forms of electrified transportation. Powered by secure and sophisticated distributed energy control systems, digitally-managed EVSE can enable smart charging, where utilities or consumers can manage the charging schedules of EVs to optimize grid load, reduce energy costs, or maximize alignment with clean energy sources. Similarly, EV batteries can be marshalled to be either local sources of backup electricity or citywide virtual power plants buttressing systemic resilience.
In support of these priorities, the U.S. Government is seeking to cultivate a strategically aligned stakeholder community, develop nimble standards and regulations, produce cutting-edge research and development, support swift and resilient deployment, manage risk to relevant supply chains, build workforce capacity, and mitigate systemic risk. Through initiatives like those listed below, the U.S. Government seeks to seize this once in a generation opportunity to equip our critical infrastructure with modern and secure technology.
Cultivate a Strategically Aligned Stakeholder Community
Given the diverse and distributed nature of the energy stakeholder community, the U.S. Government is empowering increased cohesion within the energy ecosystem, including by promoting a shared vision of purpose and understanding of risk. A robust community of practice across the public and private sectors is necessary to foster strategic alignment, shared goals, and coordinated information flows. Illustrative examples include:
- The Department of Energy has launched the Energy Threat Analysis Center (ETAC) to advance operational collaboration between government and private sector partners to mitigate cyber threats to the energy ecosystem.
- The U.S. Government will build on ETAC’s experience and related efforts to integrate R&D, collaborative cyber analysis, and threat intelligence for new clean energy stakeholders, infrastructure owners and operators, and vendors.
Develop Nimble and Robust Standards and Guidelines
Modern, distributed energy technologies are deploying at the rapid pace necessary to meet our climate goals. The U.S. Government is working to ensure technical standards and implementation guidance are being developed at the speed necessary to ensure our energy infrastructure has the secure and resilient foundations necessary to operate at its most ambitious potential.
- The National Laboratory-led Securing Solar for the Grid (S2G) research effort is strengthening cybersecurity maturity levels for all solar stakeholders by developing standards, testing, assessment tools, supply chain analysis, and education and training.
- The Department of Energy will release implementation guidance for states, distribution utilities and DER operators and aggregators who choose to adopt the Cybersecurity Baselines for Distribution and Distributed Energy Resources to mitigate cybersecurity risk and enhance grid security. The U.S. Government will offer technical assistance to states and distribution entities to implement the Cybersecurity Baselines.
- The U.S. government will advance and test secure-by-design and secure-by-default guidelines specific for digital energy infrastructure using the National Cyber-Informed Engineering (CIE) Strategy and provide industry technical assistance on adoption and reporting.
Produce Cutting-Edge Research and Development
The U.S. Government is enabling the research and development community to gain a better understanding of the novel deployment dynamics present in the energy transition, mitigate novel risk alongside increasing digital-physical convergence, and better deliver the full potential of the energy transition to the American people.
- Oak Ridge National Laboratory is exploring how digital ledger technology can ensure the immutability of sensor data and asset configuration across geographically diffuse distributed energy resources and their field equipment.
- The Grid Modernization Laboratory Consortium and its Grid Modernization Initiative (GMI) have issued a lab call to develop an EVSE standards assessment within three years.
- The U.S. Government will continue to support research and development efforts in cybersecurity, building on the vast existing research portfolios across departments and agencies.
Support Swift and Resilient Deployment
The U.S. Government is working to support the rapid deployment of Secure by Design new energy technologies alongside the development and adoption of cybersecurity standards that are robust while flexible for an evolving technical ecosystem.
- The General Services Administration (GSA) is offering Federal agencies a customized EV suitability tool through FedRAMP compliant telematics solution provider to ensure adequate cybersecurity controls
- The U.S. Government will establish a working group for Federal clean energy technology integrators and importers of non-domestic digital energy infrastructure to evaluate the modification of equipment protection language in contracts for linchpin technologies and develop acceptable contract terms and conditions.
Manage Risk in Energy Component Supply Chains
The energy transition is powering a wave of reindustrialization in the United States and among its closest allies and partners. Even with the rapid pace of onshoring manufacturing, global energy supply chains remain deeply global and diffuse. The U.S. Government is actively working to understand how these supply chains contribute to risk for the energy transition and encouraging the adoption of appropriate mitigations consistent with the Supply Chain Cybersecurity Principles and with Secure by Design principles.
- The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the Joint Office of Energy and Transportation (“Joint Office”), and the National Labs are collaborating on a first-of-its-kind EVSE Supply Chain Risk Evaluation, Analysis, and Mitigation study to be completed within two years.
- The U.S. Government encourages sector stakeholders to procure digital energy systems that incorporate baseline levels of security throughout product life cycles. The DOE Supply Chain Cybersecurity Principles help prioritize security and resilience within the sector and provide a concise set of principles that the energy industry can use to guide and validate cybersecurity decisions.
Build Workforce Capacity
The Biden-Harris Administration is working to ensure the American workforce has the necessary skills and expertise to support the cybersecurity, resilience, and novel digitally-enabled potential of modern energy technologies.
- The White House has named nine Investing in America Workforce Hubs to connect and train Americans for the good-paying jobs created by the Investing in America agenda. Several of these hubs are focused on clean energy and industries of the future.
- The Operational Technology (OT) Defender Fellowship Program offers middle- and senior-level OT security managers in the U.S. energy sector an opportunity to more fully understand the cyber strategies and tactics that adversarial state and nonstate actors use in targeting U.S. energy infrastructure, and how the U.S. government is postured to counter these adversarial activities.
- The U.S. Government will build on recommendations in the National Cyber Workforce and Education Strategy by leveraging presidential priority programs such as Registered Apprenticeship to develop and strengthen pathways for Americans to join the cyber workforce in new energy technology development and manufacturing.
- The U.S. Government will integrate linchpin technologies into operational exercise programs for cybersecurity, such as GridEx and Liberty Eclipse, and enable energy operators to strategically participate in exercise programs, such that cyber scenarios can be validated.
Mitigate Systemic Risk
Realizing the full potential of the energy transition requires the development of a clear understanding and implementation of mitigation measures addressing the systemic risks of IT-OT convergence in these new complex, multi-node technology integrations and the novel opportunities for security-by-design in new deployments. The U.S. Government’s goal is to partner with industry to advance those efforts.
- The Department of Defense will perform systems mapping and analysis of EVSE integrations in complex environments to identify potential systemic risks, using existing methodologies.
- The U.S. Government will develop an interagency effort, in partnership with industry, for incident response, defining roles and responsibilities that includes a wider range of stakeholders across the energy sector value chain.
- The Department of Energy will leverage Cyber Testing for Resilient Industrial Control Systems (CyTRICS) and existing technical assistance programs to identify and assess vulnerabilities in linchpin technologies and capture lessons learned for pen testing.
U.S. security and competitiveness lies in our unique ability to innovate and deploy the digital and energy infrastructure necessary to meet the challenges of this century both at home and abroad. Through actions like these, the Biden-Harris Administration continues to drive an innovative, ambitious, and secure energy transformation.