The Department of Energy (DoE), along with several suppliers and manufacturers serving the energy sector, released a new set of Supply Chain Cybersecurity Principles today to drive best practices across the industry.
DoE released the principles alongside GE Vernova, Schneider Electric, Hitachi Energy, Honeywell, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens, and Siemens Energy.
The agency’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) developed the principles with input from leading industrial control systems (ICS) manufacturers and asset owners.
“Energy systems around the world face continuous cyberattacks and are vulnerable to disruption. As new digital clean energy technologies are integrated, we must ensure they are cyber secure to prevent destruction or disruption in services,” National Security Advisor Jake Sullivan said in a statement accompanying the principles.
Following the recent G7 Summit in Italy, Sullivan said President Biden and G7 leaders committed to creating a global cybersecurity framework for operational technologies for both manufacturers and operators.
He also said the Biden administration is “pleased that several prominent suppliers and manufacturers serving the energy sector have already expressed support” for the new cyber principles announced today.
The principles aim to inform international coordination to advance cybersecurity best practices into the future. They draw from national and international cybersecurity regulations, requirements, frameworks, guidelines, and standards – both regulatory and voluntary.
“In developing these principles, the United States is issuing a collective call to action for ICS suppliers and end users across the globe to support and adopt the principles,” the document says.
“We are launching an effort with our international government and industry partners to align the principles to existing requirements, develop guidance for interpreting and adopting the principles, and identify gaps where international coordination could advance supply chain security throughout the global energy sector,” it adds.
Some of the principles for suppliers and end users include impact-driven risk management, transparency and trust building, secure systems development and implementation, proactive vulnerability management, and proactive incident response.
All of the principles, along with their descriptions, can be found here.