The U.S. Department of Energy (DOE) recently released the Office of Energy Efficiency and Renewable Energy (EERE) Cybersecurity Multiyear Program Plan (MYPP) to guide cybersecurity research and development (R&D) for EERE technologies. In alignment with the U.S. Department of Energy Cybersecurity Strategy and DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) efforts, EERE will accelerate cybersecurity R&D to strengthen EERE technologies and systems that are critical to renewable energy, manufacturing, buildings, and transportation—all of which are increasingly interconnected and vulnerable to cyber-attack.

“Through this Multiyear Program Plan, EERE is pursuing a holistic and unified strategy to advance cybersecurity R&D and preparedness across the renewable power, energy efficiency, and transportation sectors,” said Daniel R Simmons, Assistant Secretary of the Office of Energy Efficiency and Renewable Energy. “Coupled with robust engagement and partnership with industry, academic, and government stakeholders, the R&D activities in this plan will strengthen the cybersecurity of emerging technologies throughout the EERE portfolio.”

EERE’s strategy focuses on two key goals: 1) accelerate cyber-resilience R&D for EERE operational technologies; and 2) increase EERE stakeholder cybersecurity awareness. EERE’s R&D activities will help mitigate common threats and vulnerabilities in hardware and software throughout its portfolio, including power electronics, sensors, control systems, and information communication technology.

“Advances in the connectedness and interoperability of EERE technologies requires an increased focus on cybersecurity,” said Alex Fitzsimmons, Deputy Assistant Secretary for Energy Efficiency. “Cyber threats targeting EERE technologies present an immediate risk to the integrity and availability of energy infrastructure and other systems critical to the nation’s economy, security, and well-being. New technologies must be designed with cybersecurity as a requirement.”

As a result of this strategy, EERE stakeholders will be empowered to more readily detect, respond to, and recover from evolving cyber threats and vulnerabilities. The strategy will also facilitate more engagement with industry, academia, and other government offices to ensure EERE’s early-stage research meets its goals without duplicating efforts.

Recent examples of project and tools supporting this plan include:

• Facility Cybersecurity Best Practices Tool: The Federal Energy Management Program (FEMP) launched a new tool that users understand best practices for securing facility-related control systems. It also maps potential cyber-attack tactics and techniques that could be used by an attacker if vulnerabilities are not resolved.
• Roadmap for Wind Cybersecurity: This roadmap from the Wind Energy Technology Office (WETO) outlines the increasing challenges of cyber threats to the wind industry, its technologies, and control systems and presents a framework of activities and best practices that the wind industry can use to improve its cybersecurity.
• Incorporation of hardening smart charging stations from attack: The Vehicle Technologies Office (VTO) incorporated cybersecurity requirements into recent funding for projects to support new and innovative advance vehicle technologies. Projects such as “e-Mosaic: Electrification Mosaic Platform for Grid Informed Smart Charging Management,” “Resilient-Interoperable-Smart Charge Management Control Systems Architecture for EVs at scale,” and “Utility Managed Smart Charging for Consumer and Grid Benefits.”
• Cybersecurity Manufacturing Innovation Institute in partnership: The Advanced Manufacturing Office (AMO) selected the University of Texas – San Antonio to lead the Cybersecurity Manufacturing Innovation Institute (CyManII), a public-private consortium that works to improve American manufacturing competitiveness, energy efficiency, and innovation. CyManII will focus on early-stage research and development to advance cybersecurity in energy-efficient manufacturing.
• 2019 Grid Modernization Lab Call Awards: DOE’s Grid Modernization Initiative (GMI) awarded projects in the cybersecurity and physical security topic area as a part of an expansion of the GMI vision to strengthen reliability and resilience. Cybersecurity projects include “Blockchain for Optimized Security and Energy Management (BLOSEM)” and “Digital Twin Reinforcement Learning.”

DOE’s Office of Energy Efficiency and Renewable Energy accelerates development and facilitates deployment of energy and water efficiency and renewable energy technologies and market-based solutions that strengthen U.S. energy security, environmental quality, and economic vitality.