The All-Hazards Energy Resilience funding opportunity will be managed by the DOE’s Office of Cybersecurity, Energy Security and Emergency Response, and a senior CESER official said in an interview with FedScoop that the agency is specifically interested in OT-related proposals that explore how one might produce a zero-trust architecture in an electrical or oil and natural gas environment.

“I think the cybersecurity community has come leaps and bounds in the last decade and a half,” the CESER official said. The OT side of the network will become “even more complex as we move to distributed energy kind of resource footprint. And those architectures modernize those capabilities to do cybersecurity and defend from those persistent threats [that] are a little bit more nascent in that kind of energy sector OT field.”

With awards of up to $5 million in funds, the DOE said it’s looking for universities, tribal nations, companies and others to provide solutions for technology meant to protect critical energy infrastructure from all threats, such as malicious cyber attacks and bad actors. 

The DOE’s release acknowledges that the “growing digital landscapes” put existing energy systems at risk for attacks. For example, two department entities were victims of a cyberattack that resulted from a vulnerability in MOVEit file transfer software.

“There are real risks to infrastructure; a lot of research in the world heretofore has been to prevent entry and detect it once it’s there,” the CESER senior official said. “Things are going to happen and when they do, you have to be able to operate your electrical or oil or natural gas infrastructure in a degraded mode, even potentially through that compromise.”

The official said that the research awards are “threat-informed” but could not comment on any specifically targeted infrastructure from bad actors. 

“The entry vectors into the sector are many,” the official said. “There are IT pathways where you’re coming in the IT front door, traversing the network and getting into the OT network. There are other kinds of pathways to enter the infrastructure, all of which are being considered in this funding opportunity announcement, but also in the broader portfolio of research we run in our office.”

The post Energy Department has cyber threats to infrastructure in mind with $70 million funding offer appeared first on FedScoop.

The Department of Energy is closely watching the Pentagon’s JEDI implementation to see how it may change the way the two interact when sharing information, said Karen Evans, assistant secretary for the Office of Cybersecurity, Energy Security, and Emergency Response (CESER).

DOD and DOE work closely together on cybersecurity of the nation’s critical energy infrastructure, Evans explained Monday at a DOD CIO awards ceremony. Particularly, Evans and her office meet and work regularly with Cyber Command and NSA around “the whole what does it mean to defend forward, and how is DOD going to work with the private sector to make sure power stays up?”

Other federal agencies, like the intelligence and law enforcement communities, are also likely watching DOD’s implementation of JEDI, both for partnership and information sharing purposes but also to learn lessons in what’s positioned to be a massive migration — worth up to $10 billion over 10 years with contract extensions.

“We always look forward to seeing how DOD accomplishes migration to the cloud,” Evans said. “You guys have your big cloud award out there, so of course DOE is looking to see how that implementation is going to go forward. We will be right there with you, just a little bit behind, lessons learned from how you guys are doing stuff.”

Evans said this means “we need to have that same solution in place because we have to interact” with DOD. This doesn’t mean DOE is going to go off an award it’s own billion-dollar cloud contract just to communicate with the Pentagon — but it could build an enclave and adopt similar standards with the same cloud provider for maximum interoperability.

“That’s critical to us so that we understand what the technical platforms that you’re having in place because we have to be able to exchange and have you access our data so that we can then be able to have shared situational awareness in the energy sector,” she said.

Two weeks ago, the Pentagon awarded the JEDI contract to Microsoft, which edged out Amazon Web Services for the win. It remains to be seen if AWS will protest that decision.

The post Department of Energy closely watching DOD’s JEDI implementation appeared first on FedScoop.