Supply chain, Security Strategy, Plan, Budget, Critical Infrastructure Security

Department of Energy opens $9 million in competitive cyber funding to small electric utilities

In the evening, electricity workers and pylon silhouette, Power workers at work

The Department of Energy and its cyber wing, the Office of Cybersecurity, Energy Security, and Emergency Response have opened $9 million in competitive federal funding for small and rural electric utilities to make cybersecurity improvements.

The money, part of the Advanced Cybersecurity Technology Prize Competition, will allow badly underfunded smaller and rural utilities and cooperatives in the electric sector to apply for chunks of funding that will go towards building more cyber resilience in their infrastructure that could defend against cyberattacks, ransomware actors and other digital threats.

The funding would go towards a range of investments eligible under the program, developing network architectures of digital systems, cybersecurity technical assessments, plans and roadmaps for improving a utility’s cyber posture, the purchase and implementation of new software solutions, purchasing plans to minimize the risk from third-party providers and secure installation of technologies and technology dependent systems.

“Rural electric cooperative, municipal, and small investor-owned utilities carry out a critical economic and national security role in the United States — often with limited resources,” Energy Under Secretary for Infrastructure David Crane said in a statement. “As the Biden-Harris administration seeks to create a more secure and reliable energy grid and strengthen the economies and quality of life in rural communities across America, it is imperative that the Department of Energy assists our rural utility partners with cybersecurity issues.”   

The program announced Wednesday is primarily designed to serve utilities that are already members of the federal Rural and Municipal Utility Advanced Cybersecurity Grant Program that have “limited” economic, staff or cybersecurity resources or that serve U.S. military installations. According to the department, nearly 1 out of 6 Americans are served by electric utilities who meet that threshold definition.

The department plans to issue another competitive funding opportunity in the future that will cater towards the needs of utilities with mature cybersecurity programs in place.

The $9 million is part of a larger tranche of $250 million that Energy officials are drawing from the Bipartisan Infrastructure Law passed by Congress in 2021 that will pump more than $50 billion into improving safeguards in an energy industry that, like many other sectors of critical infrastructure, relies on decades-old technologies that were never designed with cybersecurity in mind.

According to a report by the American Society of Civil Engineers in 2021, the U.S. electric sector faces a massive investment gap around basic infrastructure, energy efficiency, cybersecurity and other needs.

“All three major components of the electric grid (generation, transmission, and distribution) have an investment gap. To meet the latest state-driven Renewable Portfolio Standards in generation infrastructure, the gap is projected to grow to a cumulative $197 billion by 2029,” the report concluded.

The electric sector faces an investment funding that gap of hundreds of billions of dollars. (Source: American Society of Civil Engineers)
The electric sector faces an investment funding that gap of hundreds of billions of dollars. (Source: American Society of Civil Engineers)

The RMUC program is part of a larger effort by the federal government to revamp and modernize the nation's energy infrastructure to better deal with climate change, hacking threats and natural disasters.

Last year, Energy officials told SC Media that the long sought-after Bipartisan Infrastructure Law represented a once-in-a-generation opportunity for the energy sector to modernize the electric and energy sectors to deal with modern threats from hackers, nation-states and cybercriminals who seek to access or disrupt the systems and networks used to manage generate the electricity that powers American society.

“Any time you’re on the cusp of introducing new technology or on the cusp of significant spending [or] investing in infrastructure upgrades, that’s the time where you really want to think strategically,” Cheri Caddy, then-senior advisor for cybersecurity policy and strategy at the Department of Energy, told SC Media in an interview last year. “How do I optimize my spending not just for efficiency…but use that occasion, that strategic opportunity to think about building secure?”

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.