US DOE Unveils Cybersecurity Principles to Strengthen Global Energy Security
The U.S. Department of Energy (DOE), in collaboration with the Idaho National Laboratory, has introduced Supply Chain Cybersecurity Principles. These principles outline best practices for securing the supply chain that supports energy infrastructure, aiming to protect equipment and technologies from cyber threats intending to disrupt or damage critical infrastructure. Designed for both manufacturers and end users, the principles provide a framework to enhance the security of essential technologies used worldwide in the management and operation of electricity, oil, and natural gas systems.
According to Industrial Cyber, the Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) crafted the Supply Chain Cybersecurity Principles, incorporating feedback from industrial control systems (ICS) manufacturers and asset owners involved in CESER’s supply chain research. This development also integrates findings from the Idaho National Laboratory. CESER has established 10 Supply Chain Cybersecurity Principles specifically tailored for suppliers, alongside a separate set of 10 principles geared towards end-users.
Prominent energy sector suppliers and manufacturers such as GE Vernova, Schneider Electric, Hitachi Energy, Schweitzer Engineering Laboratories, Rockwell Automation, Siemens, Siemens Energy, and Honeywell have endorsed the principles, supporting enhanced security measures.
The agency is also launching an effort with its international government and industry partners to align the principles to existing requirements, develop guidance for interpreting and adopting the principles, and identify gaps where international coordination could advance supply chain security throughout the global energy sector.
