How the Energy Department is Prioritizing Secure Infrastructure

The priorities and efforts of the Energy Department’s nascent Office of Cybersecurity, Energy Security, and Emergency Response, or CESER, were laid out by its first acting Principal Deputy Assistant Secretary Adrienne Lotto Thursday.

“We all see the magnitude and sophistication of the threats facing our energy infrastructure. Our nation’s electricity, fuel and delivery systems have become more complex and even more interdependent,” Lotto told attendees of the Association for Federal Information Resources Management’s Cybersecurity Summit in Washington. “As a result, the threat against the sector has become even more frequent and more sophisticated.”

In response, she said Energy Secretary Rick Perry created the new office in February 2018 to elevate the threats to the public and private sectors and allocate resources and a workforce to address those threats head-on. The president included $96 million in the fiscal 2019 budget request to stand up the office.

Lotto said CESER leads the department’s efforts to secure the nation’s energy infrastructure against all hazards, reduce both the risks and impacts of cyber and other disruptive events, and assist in restoration when disruptions do happen—because they inevitably will.

“We address all hazards: cyber, manmade and natural,” she said.

Lotto also went into detail around the office’s early efforts. She said it is developing techniques to enhance the speed and effectiveness of threat and vulnerability information sharing that’s both bi-directional and machine to machine. She said the office has noticed that they’re seeing the threats “not only on the [information technology] side of the house but on the [operational technology] side, as well.”

She said it’s important for “both the federal government and private sector to work towards closing the understanding of that gap.”

Lotto also said that the office is working on a tool called CyOTE, or Cybersecurity for the Operational Technology (OT) Environment, which works to increase situational awareness through an industry-led approach that will share and analyze OT data.  

“That data will be enhanced by insight from the intelligence community and our [Energy] National Labs,” she said.

The office is also participating in exercises with other agencies and industry partners to enhance the security of the nation’s energy systems, and the ability to quickly bounce back after an attack or disruption. Lotto said it recently participated in an exercise with the Defense Advanced Research Projects Agency and other key partners on New York’s Plum Island. The office had the opportunity to shut down the island’s grid, and have operators practice “black starting the system,” which is a complex process to re-start a power grid.

“It was really enlightening and the team learned a lot,” she said.

The office is also working with states in both planning and coordination, to ensure they are improving their cybersecurity preparedness framework. Lotto said coordination across all of America’s governments and the private sector is ultimately crucial for success.

“It’s all hands on deck to solve a really big problem,” she said.