The U.S. Department of Energy (DOE) has introduced the Supply Chain Cybersecurity Principles in collaboration with the Idaho National Laboratory, aiming to fortify cybersecurity standards across energy infrastructure supply chains.
These principles are designed to safeguard equipment and technologies from exploitation by cyber actors seeking to disrupt critical infrastructure. They establish a framework applicable to manufacturers and end users globally, particularly in sectors managing electricity, oil, and natural gas systems.
Crafted by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the Supply Chain Cybersecurity Principles reflect insights from industrial control systems (ICS) manufacturers and asset owners involved in CESER’s supply chain research, incorporating contributions from the Idaho National Laboratory. The initiative comprises 10 principles tailored for suppliers and a separate set of 10 for end-users.
Major industry players including GE Vernova, Schneider Electric, Hitachi Energy, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens, Siemens Energy, and Honeywell have endorsed these principles, endorsing heightened security measures.
To enhance international alignment, the DOE is collaborating with global government and industry partners to integrate these principles into existing requirements, develop implementation guidance, and identify opportunities for international coordination to enhance supply chain security across the global energy sector.
Jake Sullivan, National Security Advisor, emphasized the global significance of securing energy systems against cyber threats: “Energy systems globally are under constant cyber attack and vulnerable to disruption. As new digital clean energy technologies are integrated, ensuring their cyber resilience is crucial to prevent service disruptions or destruction.” Sullivan highlighted commitments made by President Biden and G7 leaders to strengthen the cybersecurity of technologies critical to managing global energy systems.
David M. Turk, Deputy Secretary of Energy, underscored the importance of incorporating robust cybersecurity measures into the transition to clean energy: “As we build our clean energy future, strong cybersecurity protections are critical. Together with our G7 allies, we are enhancing global energy infrastructure’s reliability and resilience against emerging threats.”
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, reaffirmed the administration’s focus on bolstering the security and resilience of critical energy infrastructure: “The Biden-Harris Administration is prioritizing the security and resilience of our critical energy infrastructure with this global initiative, emphasizing the importance of aligning individual supply chain security efforts for operational technology used in the energy sector.”
The Supply Chain Cybersecurity Principles prescribe impactful risk management practices that consider impacts across the organization’s supply chains throughout the system engineering lifecycle. They advocate for robust defenses, adherence to cybersecurity frameworks, and domain-specific regulations to ensure secure product deployment. Additionally, they emphasize the importance of continuous improvement through incident response, vulnerability management, and lifecycle support.
The DOE also recently released a report assessing the benefits and risks of artificial intelligence (AI) in critical energy infrastructure, highlighting its ongoing efforts to harness AI’s benefits while ensuring safe and responsible deployment across federal initiatives.
Source: industrialcyber.co
