The U.S. Department of Energy (DOE) has released new Supply Chain Cybersecurity Principles, developed in collaboration with Idaho National Laboratory. These principles establish best practices for cybersecurity throughout the supply chain that supports energy infrastructure. Designed for both manufacturers and end users, the principles aim to strengthen key technologies used to manage and operate electricity, oil, and natural gas systems globally.
Several prominent suppliers and manufacturers serving the energy sector have expressed support for these principles, including GE Vernova, Schneider Electric, Hitachi Energy, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens, Siemens Energy, and Honeywell.
“As we build our clean energy future, it is critical that we incorporate strong cybersecurity protections,” said U.S. Deputy Secretary of Energy David M. Turk. “Together with our G7 allies, we’re helping ensure energy infrastructure worldwide is more reliable and resilient against tomorrow’s threats and challenges.”
"The U.S. energy sector is a target for cyber criminals and for foreign adversaries alike,” said Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger. “The Biden-Harris Administration is prioritizing the security and resilience of our critical energy infrastructure with this global initiative, emphasizing the importance of aligning individual supply chain security efforts for operational technology used in the energy sector.”
The supply chain constitutes a significant source of risk for energy systems as components of the American grid, pipelines, and related infrastructure are developed and manufactured by disparate companies on a global scale. President Biden has made supply chain security an area of intense focus and called on agencies responsible for critical infrastructure to take meaningful steps to proactively address security concerns.
Energy systems worldwide are undergoing significant changes as they become more digitized, integrate new sources of clean energy, and implement new communications pathways. A global approach to supply chain cybersecurity is imperative and can be achieved through collaboration among leading manufacturers from like-minded countries such as Canada, France, Germany, Italy, and the U.K. This global effort aims to secure equipment and technologies before they are exploited by cyber actors seeking to cause destruction or disruption to critical infrastructure.
For more information, please see the White House statement from June 18, 2024.
