DOE Opens $45M Challenge on Grid Cybersecurity

Funding to Target New Technologies that Can Isolate, Eradicate Cyberattacks

Shutterstock

Aug 18, 2022

DOE issued a $45 million challenge for the development of tools and technologies to protect electric, oil and natural gas systems from cyberattacks.

The Department of Energy issued a $45 million challenge Wednesday for the development and commercialization of tools and technologies to protect U.S. electric, oil and natural gas production and delivery systems from cyberattacks.

The goal is to build on grid upgrades funded through the Infrastructure Investment and Jobs Act and the recently signed Inflation Reduction Act by integrating “greater cyber defenses into our energy sector,” DOE said in a press release. Up to 15 projects could be funded, with a focus on research, development and demonstration of new cybersecurity technologies, the press release said.

Eligible proposals must apply to electricity generation, transmission, or distribution (including energy management systems and electric vehicles) or oil and natural gas production, refining, storage or distribution.

“As DOE builds out America’s clean energy infrastructure, this funding will provide the tools for a strong, resilient and secure electricity grid that can withstand modern cyberthreats and deliver energy to every pocket of America,” Energy Secretary Jennifer Granholm said.

The $45 million from the DOE Office of Cybersecurity, Energy Security and Emergency Response will be targeted at “tools and technologies that enable energy systems to autonomously recognize a cyberattack, attempt to prevent it and automatically isolate and eradicate it with no disruption to energy delivery,” the press release said.

Other areas of focus for the funding include:

building cybersecurity and resilience into technologies through a “cybersecurity by design” approach, which identifies “key cybersecurity features and risk considerations from the start;”
protecting systems through the broad-scale adoption and standardization of encryption;
developing tools and technologies to detect and prevent ransomware attacks at the hardware, firmware and software levels; and
developing software to serve project owners and operators that can be tested “across a full range of attacks in both testbed and real environments.”

Funding will also be provided for two demonstration projects in which developers will team up with asset owners and operators to field test technologies “purpose built for the operational technology environment, capable of adapting to and surviving a cyberattack and have been made available to the energy sector.”

‘Interoperable, Scalable, Readily Manageable’

Both the Infrastructure Investment and Jobs Act and the Inflation Reduction Act provide funding for grid upgrades and building and transportation electrification that will likely accelerate digitization of the U.S. electricity system, which will make the grid smarter and more efficient while also providing more targets for cyberattacks.

The IIJA’s $7.5 billion in funding for EV chargers is aimed at putting 500,000 chargers along U.S. highways, potentially making them a huge target for cyberattacks. The IRA provides funds to help low-income families buy electric home appliances, again opening millions of points of entry for cyber criminals.

The DOE funding opportunity announcement (FOA) is structured to promote both technical innovation to prevent and mitigate cyberattacks, and commercialization and integration strategies to get the new tools and technologies adopted by utilities, grid operators and other energy stakeholders.

The FOA lays out a two-step structure for applicants: a research and development phase focused on innovation, and a demonstration phase, which requires applicants to provide a plan for commercialization and the buildout of domestic supply chains and jobs.

Individual grants will range from $1.5 million to $3 million, and applicants will be required to supply matching funds equal to 29% of project costs, except for the demonstration projects, where the funding split will be 50% each for DOE and the applicants.

Commercialization plans must include “U.S. manufacturing commitments as well as plans for technology maturation and technology licensing,” the FOA says. “Invention and copyright licensing to commercialize technology” developed under the FOA is also required.

DOE will be looking for “interoperable, scalable, readily manageable advanced tools and technologies [that] are compatible with common methods and best practices,” the FOA says.

Applicants will also have to develop diversity, equity, inclusion and accessibility plans aimed at ensuring benefits and jobs for “underrepresented groups in STEM [science, technology, engineering and math]” and their communities.

Concept papers are due by Sept. 12, with a full application due Dec. 5. Winners will be notified in February and funding awards made in June 2023.

Wednesday’s funding opportunity follows on the DOE’s April announcement of $12 million in awards to six university-led teams researching the use of “anomaly detection, artificial intelligence and machine learning, and physics-based analytics to strengthen the security of next-generation energy systems.” According to the announcement, these next-gen systems “include components placed in substations to detect cyber intrusions more quickly and automatically block access to control functions.”

CIP Department of Energy FERC & Federal