Energy delivery systems are a critical piece of North America’s energy infrastructure, providing system operators and automated controllers with timely, accurate information that is needed to ensure the reliable delivery of energy. Today’s energy infrastructure is faced with evolving malicious and unintentional cyber threats. One important step in protecting these systems is embedding cybersecurity in the procurement process of energy delivery systems, thus ensuring that cybersecurity is considered throughout the system lifecycle, from the earliest phases of system development through testing, manufacturing, delivery, installation, and support.
Recognizing the need for cybersecurity procurement language focused on the energy sector, the U.S. Department of Energy convened a public–private working group and asked Energetics to lead the project management, coordination, facilitation, and outreach efforts for this endeavor. The resulting guidance document — developed over the course of a year — was informed by over 300 comments collected from 23 organizations representing utilities, suppliers, standards bodies, and government.
Energetics led the design and implementation of the two public comment periods and facilitated discussions with the procurement language working group to review and document the recommended remediation steps. To help keep the public informed, Energetics coordinated with the drafting team to host and facilitate two public webinars, each of which attracted over 100 attendees. The process provided maximum transparency, allowed all team members’ opinions to be considered, and provided ample time for review and comment—key components to gaining sector-wide buy-in and support.
The resulting cybersecurity procurement guidance document is the first to focus strictly on energy delivery systems. This baseline cybersecurity language is being used today to help asset owners, operators, and suppliers clearly communicate procurement expectations and requirements.