The Department of Energy is offering $70 million in funds toward research and development for technology that would protect delivery infrastructure against cyber-related threats and other physical hazards, part of what a senior agency official said is the prioritization of “the operational technology side of the house.”
The All-Hazards Energy Resilience funding opportunity will be managed by the DOE’s Office of Cybersecurity, Energy Security and Emergency Response, and a senior CESER official said in an interview with FedScoop that the agency is specifically interested in OT-related proposals that explore how one might produce a zero-trust architecture in an electrical or oil and natural gas environment.
“I think the cybersecurity community has come leaps and bounds in the last decade and a half,” the CESER official said. The OT side of the network will become “even more complex as we move to distributed energy kind of resource footprint. And those architectures modernize those capabilities to do cybersecurity and defend from those persistent threats [that] are a little bit more nascent in that kind of energy sector OT field.”
With awards of up to $5 million in funds, the DOE said it’s looking for universities, tribal nations, companies and others to provide solutions for technology meant to protect critical energy infrastructure from all threats, such as malicious cyber attacks and bad actors.
The DOE’s release acknowledges that the “growing digital landscapes” put existing energy systems at risk for attacks. For example, two department entities were victims of a cyberattack that resulted from a vulnerability in MOVEit file transfer software.
“There are real risks to infrastructure; a lot of research in the world heretofore has been to prevent entry and detect it once it’s there,” the CESER senior official said. “Things are going to happen and when they do, you have to be able to operate your electrical or oil or natural gas infrastructure in a degraded mode, even potentially through that compromise.”
The official said that the research awards are “threat-informed” but could not comment on any specifically targeted infrastructure from bad actors.
“The entry vectors into the sector are many,” the official said. “There are IT pathways where you’re coming in the IT front door, traversing the network and getting into the OT network. There are other kinds of pathways to enter the infrastructure, all of which are being considered in this funding opportunity announcement, but also in the broader portfolio of research we run in our office.”