DOE Cyber Pilot Takes Centralized Approach to Threat Monitoring

The U.S. Department of Energy’s (DOE) Energy Threat Analysis Center (ETAC) has fully implemented its cyber pilot designed to help the agency build more robust cyber defenses across the energy sector, driving a centralized approach to monitoring threats against the U.S. energy infrastructure.

According to Lili Colon, principal deputy director of the Office of Cybersecurity, Energy Security and Emergency Response (CESER) at DOE, one of her office’s top priorities is strengthening the resilience and security of the U.S. energy sector by using an all-hazards approach to safeguard critical energy infrastructure from cyberattacks, physical incidents, natural disasters and supply chain vulnerabilities.

Colon told GovCIO Media & Research during a recent interview that ETAC aims to bring together near real-time intelligence, sophisticated analytics and deep sector knowledge and expertise to provide actionable insights to energy stakeholders.

“Key objectives include deploying advanced threat-detection capabilities, enhancing cross-sector information sharing, and supporting sector-specific threat preparedness,” said Colon. “We completed the pilot in late September and we’re working towards integrating it fully with other DOE and interagency efforts and position it as a cornerstone of the nation’s energy security strategy.”

ETAC has made major strides since its launch early last year, and partnerships have played a key role in its success. Colon said the agency is confident that their partnerships and strategic approach will keep ETAC on track to becoming a transformative initiative for energy security.

“Since launching ETAC in 2023, we’ve made considerable progress in establishing partnerships with national laboratories, utilities and other stakeholders who bring valuable insights and expertise,” said Colon. “We’ve started developing the technical infrastructure necessary for threat data analysis and worked on creating collaborative frameworks that enhance information sharing between government and private entities.”

CESER’s partnerships with national laboratories, Cybersecurity and Infrastructure Security Agency (CISA) and industry stakeholders are vital in creating a unified front to address infrastructure threats. Colon said the national labs offer cutting-edge research and technological capabilities that support their threat detection, predictive analytics and resilience engineering initiatives.

“By working with CISA, we ensure that our efforts are integrated within the broader national cybersecurity framework, leveraging their expertise in threat intelligence and incident response coordination,” said Colon. “With industry partnerships, CESER gains valuable insights into operational challenges, allowing us to develop policies and tools directly relevant to those on the front lines. These collaborations enable us to create a more comprehensive threat landscape view and respond quickly and effectively to potential disruptions.”

Colon said she’s especially excited about CESER’s Cyber Resilience Initiative. It aims to boost cybersecurity capabilities of smaller utilities and rural energy providers that may not have access to the same resources as larger entities. They hope to create a more equitable and resilient energy sector by providing targeted training, tools and support.

“Another exciting project is the expansion of our advanced data analytics capabilities within ETAC. With new machine learning models and predictive tools, we aim to enhance our ability to identify emerging threats before they manifest into large-scale disruptions,” said Colon. “These initiatives, among others, underscore CESER’s commitment to a proactive, inclusive and forward-thinking approach to energy security.”