DOE Releases Cybersecurity Multiyear Program Plan (MYPP) to Guide Cybersecurity R&D

The Office of Energy Efficiency and Renewable Energy (EERE) at the Department of Energy (DOE) has issued a Report to Congress on a new Cybersecurity Multiyear Program Plan (MYPP). The report shares how the Department intends to pursue cybersecurity research and development in the coming years and includes milestones to track progress toward identified goals. The report was issued in accordance with the Energy and Water Appropriations Act of 2019, but also supports the implementation of White House Executive Order (EO) 138002, which directs Federal agencies to support cyber risk management efforts for critical infrastructure, and to work with the energy sector to identify, protect, detect, respond, and recover from cyberattacks targeting energy infrastructure.

The report lists two main goals for the MYPP. The first is to accelerate cyber resilience R&D of EERE operational technologies. This goal is meant to improve cybersecurity defense and resilience, mitigate vulnerabilities, and develop next-generation technologies that can defend against evolving cyber threats. The second goal of the MYPP is to increase EERE stakeholder cybersecurity awareness. This is achieved through improving situational awareness, enhancing EERE technology cybersecurity maturity, and identifying opportunities for EERE stakeholders to participate in cyber incident response exercises.

The report also identifies workforce readiness as a challenge to meeting the nation’s cybersecurity needs, saying that “the number of cybersecurity experts has not kept up with demand.” The report recognizes that while cybersecurity has traditionally fallen on the shoulders of IT personnel, engineers and company managers are increasingly taking on cybersecurity-related roles requiring additional training and tools to effectively respond to emerging cyber threats.

The report concludes with a summary of current federal programs actively working to achieve the goals outlined in the report, one of those programs being the Clean Energy Manufacturing Innovation Institute for Cybersecurity in Energy Efficient Manufacturing. The federal government recognizes the strong connection between improvements in energy efficiency and manufacturing competitiveness, both of which are at risk from cybersecurity threats. The manufacturing sector is among those called out by the White House’s Executive Order and are given special consideration in the MYPP.

To read the full report, please visit: https://www.energy.gov/sites/prod/files/2020/11/f80/EERE%20Cybersecurity%20Multiyear.pdf.