The federal government will spend as much as $70 million for technologies that will create a more resilient energy delivery infrastructure that is better protected against a range of threats, including from cybercriminals.

The U.S. Department of Energy this month launched the All-Hazards Energy Resilience program, which is soliciting proposals from a broad range of organizations, including public and private entities, universities, nonprofit and for-profit companies, state, local, and tribal governments, and the DOE’s national laboratories.

The program is being managed by the agency’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) and will award individual projects between $500,000 and $5 million. CESER expected to hand out money to up to 25 research, development, and demonstration projects.

“These investments will help save money in the long run by identifying and developing innovative solutions that ensure our nation’s energy infrastructure can withstand emerging threats and the challenges of a changing world,” U.S. Energy Secretary Jennifer Granholm said in a statement, noting the dual challenges of security threats and climate change.

Cybersecurity and More

The All-Hazards Energy Resilience program will not only include programs aimed at cybersecurity, but also climate change research, physical security, wildfire mitigation, and university-based R&D. The last category put an emphasis on research that comes from historically black universities and colleges.

Proposals must be submitted by March 4, with awards expected to be announced in September.

The new DOE program is part of a larger directive by the Biden Administration to protect the country’s critical infrastructure, which includes not only energy but more than a dozen other sectors, including chemicals, healthcare, transportation, financial services, IT, and food and agriculture.

Water and wastewater systems also are on the list and were put on center stage in November when the Cybersecurity and Infrastructure Security Agency (CISA) warned that cyberthreat groups were trying to exploit programmable logic controllers (PLCs) – used to monitor water treatment process, such as turning pumps on and off that fill tanks and reservoirs – to threaten the integrity of municipal water operations.

The advisory was issued after the municipal water system in Aliquippa, Pennsylvania, was compromised when bad actors took control of it by exploiting PLCs created by Unitronics. The PLCs were used to monitor water pressure for nearby town and while local officials said there was no threat to drinking water, operators had to take system offline and shift to manual operations.

The threat group Cyber Av3ngers, like other pro-Palestinian hackers, has expanded its activity in Israel since the war with Hamas broke out in October 2023 and wrote in a note on the Telegram messaging platform that it was targeting equipment that was made in Israel. Unitronics is based in Israel.

At the same time, federal authorities said they were also investigating attacks of other water facilities in the United States, which reports said also could be victims of Cyber Av3ngers.

Colonial Pipeline Attack a Turning Point

The energy sector was spotlighted in 2021 with the ransomware attack on Colonial Pipeline by the Russia-linked DarkSide threat group. Colonial is a major gas supplier to the Southeast region and the attacked forced its systems temporarily offline, created gas shortage and long lines at the pumps.

The White House convened a 30-nation virtual summit following the attack and helped fuel it’s government-wide approach to cybersecurity and critical infrastructure, including creating the Joint Ransomware Task Force and the Joint Cyber Defense Collaborative to bring together public- and private-sector entities to address cyberthreats facing the country.

CISA detailed other steps that need to be taken in its assessment in May 2023 of what had been accomplished in the two years since the Colonial Pipeline attack.

“While we should welcome this progress, much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension,” CISA Director Jen Easterly wrote.