The U.S. Department of Energy will provide up to $15 millionto support efforts by the American Public Power Association and the NationalRural Electric Cooperative Association to reinforce their member organizations'cyber and physical security, DOE said July 12.
Over the next three years, APPA and NRECA will use thefunding to develop security tools, educational resources, training programs andupdated guidelines to improve cyber and physical security culture, according tothe DOE. The organizations also plan to conduct exercises and utility siteassessments as well as encourage information-sharing on a larger scale amongtheir members to boost security capabilities.
The financial commitment, subject to congressional appropriations,is part of the Obama administration's efforts to protect criticalinfrastructure in the U.S. Roughly 26% of the electricity customers in the U.S.receive their power from municipal public power providers and rural electriccooperatives, according to the DOE.
More than $210 million has been invested in cybersecurityresearch and development projects through the DOE's Cybersecurity for EnergyDelivery Systems program, which is part of its Office of Electricity Deliveryand Energy Reliability, the department said.
"As our definition of energy security and the cyberthreat landscape evolve, we continue to help our partners strengthen the waysin which they protect critical infrastructure," U.S. Deputy EnergySecretary Elizabeth Sherwood-Randall said in a statement. "This funding isanother important step in improving the resiliency of our power grid and ourability to respond quickly and effectively to threats in today's dynamicenvironment."
The DOE's efforts to bolster cybersecurity align with its "Roadmapto Achieve Energy Delivery Systems Cybersecurity," a public-privateframework released inSeptember 2011.
The 2011 framework updated a previous version released in2006 and included a broader focus on energy delivery systems, smart gridtechnologies and the interface of cyber and physical security. The goal of the2011 framework was to introduce sound risk management practices and newprotective measures, improve risk assessments and monitoring, bolster incidentmanagement and sustain security improvements.