Electric cooperatives can help the Department of Energy ensure that a $250 million fund for utility cybersecurity is properly spent by speaking up now, the head of the new federal program told a crowd of more than 300 attending NRECA’s Co-op Cyber Tech.
The Rural and Municipal Utility Advanced Cybersecurity Grant and Technical Assistance program is being designed after four listening sessions across the country and requests for information to ensure it is on the right track, said Dr. Cynthia Hsu, cybersecurity manager in DOE’s Office of Cybersecurity, Energy Security, and Emergency Response.
“We have $250 million; we’re going to spend it,” Hsu said at the May 18 session. “What we spend it on and whether that is useful to you is partly dependent on whether we get information from you.”
As early as this summer, the program, which was created by the bipartisan infrastructure law, will begin disbursing grants and technical assistance for cybersecurity technologies, capacity building and services to protect against, detect, respond to or recover from a cybersecurity threat, she said.
“It’s much broader than just buying technology,” she said. “It’s about making you better with the stuff you have, using the stuff you need and training you up to accelerate what you’re capable of.”
After its design is complete, the RMUC program’s next steps include identifying funding mechanisms that support multiple recipients and developing resources to minimize challenges to apply for funding.
The program will also continue to develop and implement outreach and engagement activities to reach eligible entities, Hsu said. She welcomed attendees’ feedback during the conference and through CESER.RMUC@hq.doe.gov.
Only three types of electricity providers are eligible for RMUC aid: electric co-ops; municipal utilities and investor-owned utilities with sales below 4 million megawatt-hours a year. Priority is given to utilities with limited cybersecurity resources and those with assets critical to the reliability of the bulk power system.
Hsu, who previously led NRECA’s Rural Cooperative Cybersecurity Capabilities (RC3) Program, listed upcoming trainings and exercises from CESER, the department’s primary cyber R&D arm, which include:
CyberStrike, a one-day intensive exercise based on the Dec. 23, 2015, cyberattack on Ukraine’s power grid.
Operational Technology Defender Fellowship, a free but competitive program for 14 participants to learn about federal information sharing and cyber intelligence.
CyberForce program to train up the next generation of cybersecurity experts.
A free, three-day intensive training session, including a CyberStrike exercise. Registration information will be available on the RMUC webpage this summer.
Hsu encouraged co-ops to participate in CESER programs and to use the tools available from RC3.
“The goal is to understand the risks and have the risks drive the programs,” she said. “If we understand what the risk is, then we know how to focus our R&D dollars to get the biggest bang for the buck. Today’s research is tomorrow’s capabilities.”
Co-ops can visit NRECA’s Infrastructure Resource Hub to learn more about funding from the bipartisan infrastructure law and how to join the Cyber and Physical Security Consortium.