Department of Energy

Department of Energy Cybersecurity and Digital Components Supply Chain Deep Dive Assessment

On February 24, 2021, President Biden issued Executive Order 14017 on America’s Supply Chains directing the Secretary of Energy to submit a supply chain strategy overview report for the energy sector industrial base (as determined by the Secretary of Energy). The U.S. Department of Energy (DOE) defines the Energy Sector Industrial Base (ESIB) as the energy sector and associated supply chains that include all industries/companies and stakeholders directly and indirectly involved in the energy sector. The energy sector industrial base involves a complex network of industries and stakeholders that spans from extractive industries, manufacturing industries, energy conversion and delivery industries, end of life and waste management industries, and service industries to include providers of digital goods and services.

Department of Energy Assessment of Electricity Disruption Incident Response Capabilities

Electricity is critical to every aspect of modern life. The United States’ national security, economy, and public health and safety rely on the North American electric grid every second of the day. These, and many other functions powered by the grid have likely experienced local outages caused by weather, accidents, or sometimes from tree branches falling on power lines. Larger power outages, however, are infrequent occurrences, due in part to an array of organizations that work tirelessly to ensure the grid remains reliable, resilient, and secure. Nonetheless, it is neither practical nor possible to prevent all disruptive events. Grid owners and operators balance risk, investment, and cost to customers when making investments in their systems.

Idaho National Laboratory Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector

With utilities in the U.S. and around the world increasingly moving toward smart grid technology and other upgrades with inherent cyber vulnerabilities, correlative threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication. The potential for malicious actors to access and adversely affect physical electricity assets of U.S. electricity generation, transmission, or distribution systems via cyber means is a primary concern for utilities contributing to the bulk electric system. This paper seeks to illustrate the current cyber-physical landscape of the U.S. electric sector in the context of its vulnerabilities to cyber attacks, the likelihood of cyber attacks, and the impacts cyber events and threat actors can achieve on the power grid. In addition, this paper highlights utility perspectives, perceived challenges, and requests for assistance in addressing cyber threats to the electric sector.

Department of Energy Oak Ridge National Laboratory Plutonium Disposition Red Team Report

The Plutonium Management and Disposition Agreement (PMDA) calls for the United States and Russia to each dispose of 34 metric tons (MT) of excess weapon-grade plutonium by irradiating it as mixed oxide fuel (MOX), or by any other method that may be agreed by the Parties in writing. The MOX disposition pathway is a realization of the spent fuel standard (SFS) as envisaged in the 1994 National Academy of Sciences (NAS) review that recognized the value of physical, chemical, and radiological barriers to future use of the material in nuclear weapons whether by state or non-state actors. The decision to pursue the MOX pathway using light water reactors in combination with immobilization using a can-in-canister approach was adopted by the United States Department of Energy (DOE) after review of 37 different pathways for disposition in 1997.

DHS Privacy and Civil Liberties Assessment Report on Executive Order 13636

Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.

Sandia National Laboratories Mobile Biometric Device Technology Study

Mobile biometric devices (MBDs) capable of both enrolling individuals in databases and performing identification checks of subjects in the field are seen as an important capability for military, law enforcement, and homeland security operations. The technology is advancing rapidly. The Department of Homeland Security Science and Technology Directorate through an Interagency Agreement with Sandia sponsored a series of pilot projects to obtain information for the first responder law enforcement community on further identification of requirements for mobile biometric device technology. Working with 62 different jurisdictions, including components of the Department of Homeland Security, Sandia delivered a series of reports on user operation of state-of-the-art mobile biometric devices. These reports included feedback information on MBD usage in both operational and exercise scenarios. The findings and conclusions of the project address both the limitations and possibilities of MBD technology to improve operations. Evidence of these possibilities can be found in the adoption of this technology by many agencies today and the cooperation of several law enforcement agencies in both participating in the pilot efforts and sharing of information about their own experiences in efforts undertaken separately.

Sandia National Laboratories/Department of Energy Sensitive Country List

A sensitive country is one to which particular attention is given during the review and approval process for Foreign Visits & Assignments. Countries may be designated as sensitive for reasons of national security, nuclear nonproliferation, regional instability, threat to national economic security, or terrorism support. A foreign national is considered to be from a sensitive country if he/she is a citizen of a sensitive country or is employed by the government of an institution of a sensitive country.

(U//FOUO) DHS “Red Cell” Report: How Terrorists Might Use a Dirty Bomb

An independent, unclassified analytic Red Cell session, sponsored jointly by the U.S. Departments of Energy and Homeland Security, found a Radiological Dispersal Device (RDD) attack on the U.S. homeland to be highly appealing from a terrorist standpoint. The Red Cell group, which simulated two different terrorist cells, believed an RDD attack would be relatively easy to prepare and mount and could have wide-ranging physical, psychological, political, and economic impacts. The group believed radioactive materials would be easy to procure, especially from abroad, and found a variety of potential targets across the country. Participants expected that public distrust of official guidance would heighten fear and panic.

U.S. Department of Energy Highly Enriched Uranium Production Historical Report

In February 1996, the Department of Energy (DOE) commissioned a comprehensive effort to document and declassify the United States inventory and other information needed to present a complete picture of the production, acquisition, and utilization of highly enriched uranium (HEU). Highly Enriched Uranium: Striking A Balance presents the results of that study. The effort was commissioned to facilitate discussions of HEU storage, safety, and security with stakeholders, to encourage other nations to declassify and release similar data, and to support the national policy on transparency of nuclear materials. This information will also be available for formulating policies involving the identification and disposition of surplus nuclear materials.

(U//FOUO) DoE-DHS Energy Sector Critical Infrastructure Protection Plan

In its role as Energy SSA, DOE has worked closely with dozens of government and industry security partners to prepare this 2007 Energy SSP. Much of that work was conducted through the Sector Coordinating Councils (SCC) for electricity and for oil and natural gas, as well as through the Energy Government Coordinating Council (GCC). The electricity SCC represents more than 95 percent of the electric industry and the oil and natural gas SCC represents more than 98 percent of its industry. The GCC, co—chaired by DHS and DOE, represents all levels of government—Federal, State, local, and tribal-that are concerned with the Energy Sector.