Strengthened Cybersecurity Measures for Manufacturing Under New White House Guidance

With the rising threat of cyberattacks on clean energy supply chains, the Department of Energy has released a new set of best practices aimed at securing the cyber supply chains for critical energy systems.

Almost half of all critical manufacturing across the globe faces a significant risk of a data breach, according to a report released at the World Economic Forum in Davos, Switzerland by SecurityScorecard, a cyber ratings company.

This initiative underscores the increasing priority on cybersecurity within the manufacturing sector, particularly for technologies managing electricity, oil, and natural gas systems.

Key Framework Highlights

The newly introduced framework emphasizes 10 best cybersecurity practices for both suppliers and consumers, focusing on risk management, transparency, operational resilience, and proactive incident response.

These guidelines were developed with input from various stakeholders, including energy automation and industrial control system manufacturers, as well as cybersecurity experts from the Idaho National Laboratory.

Supplier and Consumer Best Practices

For suppliers, the framework stresses the importance of maintaining vulnerability management processes aligned with industry best practices. This includes providing ongoing product support and implementing security patches throughout the product lifecycle.

Consumers are encouraged to incorporate specific cybersecurity terms and conditions into their contracts and to work closely with suppliers to ensure the integration of appropriate cybersecurity controls and platforms.

National and International Efforts

The urgency of this guidance is highlighted by recent discussions at the G7 Summit in Apulia, Italy, where global leaders committed to enhancing cybersecurity resilience in key sectors, including manufacturing. National Security Advisor Jake Sullivan emphasized the importance of securing new digital clean energy technologies to prevent service disruptions.

Growing Cyber Threats to Manufacturing

The cyber threat to U.S. critical manufacturing is escalating. According to FBI data, the manufacturing sector experienced the second-highest number of cyberattacks among U.S. industries last year, with 218 incidents, trailing only the healthcare sector. Globally, nearly half of critical manufacturers are at risk of a cyberattack, often due to a lack of visibility into their broader business ecosystems.

Patching Cadence and Cybersecurity Gaps

A recent report highlighted a decline in the patching cadence for critical manufacturing, indicating slower application of security updates to address vulnerabilities.

This drop, from a score of 88 to 76 year-over-year, reflects growing challenges in maintaining robust cybersecurity measures. The report also noted that 54% of confirmed breaches are attributed to cybersecurity gaps within other organizations, underscoring the interconnected nature of supply chain security.

Federal and Agency-Level Initiatives

In response to these threats, the Biden administration has taken steps to enhance U.S. manufacturing and supply chain security. The White House Council on Supply Chain Resilience, formalized by executive order, aims to fortify these sectors.

Concurrently, the Department of Energy has been working with energy distributors to improve cybersecurity, including initiatives launched in February to secure distribution systems and distributed energy resources.

Additionally, the DOE announced $30 million in funding in January for research and development projects focused on improving the cybersecurity of clean energy resources.

The Department of Energy’s new cybersecurity framework represents a critical step in addressing the growing cyber threats facing the manufacturing sector. By adhering to these best practices, both suppliers and consumers can bolster their defenses against potential cyberattacks, ensuring greater operational resilience and security in the evolving digital landscape.