The Department of Energy and its cyber wing, the Office of Cybersecurity, Energy Security, and Emergency Response have opened $9 million in competitive federal funding for small and rural electric utilities to make cybersecurity improvements.
The money, part of the Advanced Cybersecurity Technology Prize Competition, will allow badly underfunded smaller and rural utilities and cooperatives in the electric sector to apply for chunks of funding that will go towards building more cyber resilience in their infrastructure that could defend against cyberattacks, ransomware actors and other digital threats.
The funding would go towards a range of investments eligible under the program, developing network architectures of digital systems, cybersecurity technical assessments, plans and roadmaps for improving a utility’s cyber posture, the purchase and implementation of new software solutions, purchasing plans to minimize the risk from third-party providers and secure installation of technologies and technology dependent systems.
“Rural electric cooperative, municipal, and small investor-owned utilities carry out a critical economic and national security role in the United States — often with limited resources,” Energy Under Secretary for Infrastructure David Crane said in a statement. “As the Biden-Harris administration seeks to create a more secure and reliable energy grid and strengthen the economies and quality of life in rural communities across America, it is imperative that the Department of Energy assists our rural utility partners with cybersecurity issues.”
The program announced Wednesday is primarily designed to serve utilities that are already members of the federal Rural and Municipal Utility Advanced Cybersecurity Grant Program that have “limited” economic, staff or cybersecurity resources or that serve U.S. military installations. According to the department, nearly 1 out of 6 Americans are served by electric utilities who meet that threshold definition.
The department plans to issue another competitive funding opportunity in the future that will cater towards the needs of utilities with mature cybersecurity programs in place.
The $9 million is part of a larger tranche of $250 million that Energy officials are drawing from the Bipartisan Infrastructure Law passed by Congress in 2021 that will pump more than $50 billion into improving safeguards in an energy industry that, like many other sectors of critical infrastructure, relies on decades-old technologies that were never designed with cybersecurity in mind.
According to a report by the American Society of Civil Engineers in 2021, the U.S. electric sector faces a massive investment gap around basic infrastructure, energy efficiency, cybersecurity and other needs.
“All three major components of the electric grid (generation, transmission, and distribution) have an investment gap. To meet the latest state-driven Renewable Portfolio Standards in generation infrastructure, the gap is projected to grow to a cumulative $197 billion by 2029,” the report concluded.
The RMUC program is part of a larger effort by the federal government to revamp and modernize the nation's energy infrastructure to better deal with climate change, hacking threats and natural disasters.
Last year, Energy officials told SC Media that the long sought-after Bipartisan Infrastructure Law represented a once-in-a-generation opportunity for the energy sector to modernize the electric and energy sectors to deal with modern threats from hackers, nation-states and cybercriminals who seek to access or disrupt the systems and networks used to manage generate the electricity that powers American society.
“Any time you’re on the cusp of introducing new technology or on the cusp of significant spending [or] investing in infrastructure upgrades, that’s the time where you really want to think strategically,” Cheri Caddy, then-senior advisor for cybersecurity policy and strategy at the Department of Energy, told SC Media in an interview last year. “How do I optimize my spending not just for efficiency…but use that occasion, that strategic opportunity to think about building secure?”
