Energy Department officials eye 2027 date to stand-up cyber intelligence center

Energy Department officials touted their current work Tuesday on a pilot tasked with connecting cyber threat intelligence and mitigation strategies between it, the Cybersecurity and Infrastructure Security Agency, intelligence community and private sector, calling for more resources to scale the program.

Puesh Kumar, director of the department's Office of Cybersecurity, Energy Security and Emergency Response, told a House Energy and Commerce subcommittee that work on the Energy Threat Analysis Center, or ETAC, has already shown promise recognizing cyber threats to the energy sector emerging out of the Russia-Ukraine conflict, even as the pilot program continues to develop.

"Right now, from a cyber perspective, what's happening is individual companies are seeing cyber threats on their individual networks. We're seeing cyber threats to the intelligence community, but we're not putting the pieces together to really understand what is the risk to our national security, and what's the larger trends that are happening in the sector. And we need to be doing that if we're going to stay ahead of the threat that we're facing," Kumar told the subcommittee.

"And the ETAC is really meant to do that. It's meant to not only bring the people together, subject matter experts from electric power utilities, petroleum engineers and the government together to really understand these threats."

The Energy Department first proposed ETAC in its fiscal 2023 budget request as part of a collaborative effort across public and private sectors to help share cyber threat information and safeguard the energy sector in the wake of events like the 2021 Colonial Pipeline ransomware attack.   

Officials requested an additional $5 million in the department's fiscal 2024 budget request to help further scale the program and deliver an operational collaborative capability to share intelligence; enable information exchange; develop a deeper understanding of "threat actor tactics, capabilities and activities" and other milestones.

Kumar said that ETAC is already leveraging expertise within the Energy Department, and its national research laboratories, and was able to identify cyber threats and get advisories out to the energy sector in the wake of the war in Ukraine.

When asked where the efforts to fully operationalize ETAC stood, Kumar said the plan was to have the center fully ready by 2027, but that to do so would "require both resources and some authorities" from Congress. 

"We're still working through fully standing up the ETAC and for that, we would need help from Congress and others," he said.

Kumar didn't specify what additional authorities ETAC would need but stressed that it would help key cybersecurity and energy sector stakeholders collaborate to mitigate threats to the critical infrastructure segment. 

But even as the center is still being operationalized, Kumar said that the Energy Department is already tracking potential energy disruptions through a decade-old reporting requirement for electricity companies via the Federal Energy Regulatory Commission as well as through Information Sharing and Analysis Centers, or ISACs, composed of companies in specific sub-sectors of energy production and delivery.

"Generally speaking, what we see is these companies want to let us know what's going on because they also want to share that information and cascade it with their peers across the sector," Kumar said. "And so, we need to continue encouraging that because if something's happening in one part of the country, we need another energy company in another part of the country."