The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE’s role in coordinating cybersecurity efforts.

On April 20, the Biden administration, through the United States Department of Energy (DOE), issued what it is calling its 100-day plan to address cybersecurity risks to the US electric system. The plan is a coordinated effort among DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA). It “represents swift, aggressive actions to confront cyber threats from adversaries who seek to compromise critical systems that are essential to US national and economic security,” according to the announcement.

The idea is that DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), working with utilities, will “continue to advance technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems of electric utilities.” To achieve this goal, the efforts undertaken in this “sprint” focus on encouraging power grid players to:

1. Implement measures or technology that enhance their detection, mitigation and forensic capabilities.
2. Deploy technologies that enable near real-time situational awareness and response capabilities in the critical industrial control system (ICS) and operational technology (OT) networks.
3. Enhance the security posture of their IT networks.
4. Deploy technologies to increase the visibility of threats in ICS and OT systems.

This article appeared in CSO Online. To read the rest of the article please visit here.