The US Department of Energy has released new Supply Chain Cybersecurity Principles to encourage best practices for both suppliers and end users.
On June 18, 2024, the US Department of Energy (DOE) released a new set of Supply Chain Cybersecurity Principles. The principles are a list of best practices that are applicable to both suppliers and end-users - but with different actions for the two parties.
American energy systems are at increased risk of cyber attacks from malicious actors. Considering how many important parts of US energy infrastructure come from international manufacturers, tightening cybersecurity in the global supply chain is a worthwhile investment. In the document, the call to adopt the principles is issued not just to US industrial control systems (ICS) suppliers and end users, but also to “ICS suppliers and end users across the globe”.
The principles were developed by the DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER), along with input from ICS operators and research from Idaho National Laboratory. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, said that the “U.S. energy sector is a target for cyber criminals and for foreign adversaries, alike,” and this new initiative emphasizes “the importance of aligning individual supply chain security efforts for operational technology used in the energy sector.”
For both suppliers and end users, there are ten cybersecurity principles to follow:
U.S. Deputy Secretary of Energy, David M. Turk is optimistic about these guidelines, saying: ”As we build our clean energy future, it is critical that we incorporate strong cybersecurity protections. Together with our G7 allies, we’re helping ensure energy infrastructure worldwide is more reliable and resilient against tomorrow’s threats and challenges.”
This enthusiasm is not unfounded, fortunately. In a statement, National Security Advisor Jake Sullivan shared that “several prominent suppliers and manufacturers serving the energy sector”, including “GE Vernova, Schneider Electric, Hitachi Energy, Honeywell, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens and Siemens Energy” have already given their support to the principles. As more and more organizations agree to meet these standards, the international supply chain will be a more secure space.