This story was updated at 12:40 p.m. EDT.
An Energy Department official who pioneered a cyberdefense plan for North American power grid and gas networks is leaving the agency to join the private sector, according to people familiar with the move.
Bruce Walker, who heads DOE’s Office of Electricity as assistant secretary, joined the department in 2017 and was instrumental in the issuance of a recent White House executive order that calls on DOE to block sales of foreign-made equipment that poses an unacceptable cybersecurity threat to U.S. high-voltage power networks.
But Walker is perhaps best known for pressing the case for the North American Energy Resilience Model, designed to map the interdependencies of gas pipelines feeding power generators and the gas system’s reliance on electricity.
Walker called it a "what-if" crisis planning machine for U.S. infrastructure facing constant probes and intrusion attempts by Russian and Chinese state-backed hackers (Energywire, Jan. 3).
He is leaving DOE at the end of the month to join the Financial Systemic Analysis & Resilience Center (FSARC), a nonprofit security operation created by the largest U.S. banking sector firms to defend backbone financial systems from hackers, according to people familiar with Walker’s plans.
The organization will expand to take on a parallel mission to DOE’s resilience model program, seeking to improve cyberdefenses for the power grid and potentially oil and gas operations, as well, these sources said.
CyberScoop first reported news of Walker’s departure yesterday.
Before joining DOE, Walker had been a county official in New York state, vice president for strategy at National Grid in Massachusetts and director of emergency operations at Consolidated Edison Inc. in New York City.
While at the agency, Walker helped steer its response to President Trump’s May 1 grid security order toward the protection of a particular set of power plants, substations and power lines that deliver electricity to the nation’s most critical defense installations, aligning DOE with the Pentagon’s drive to ensure that essential missions could be carried out even with a long-lasting power outage.
Trump’s order caught electricity executives by surprise, industry officials said. A senior DOE official briefing reporters about the order called it a response to intelligence warnings about China’s attempt to hack into U.S. energy networks, a link that put the order alongside other trade and security actions by the Trump administration against China (Energywire, May 4).
A comment period opened by DOE drew a range of responses from all sides of the energy sector. Walker and his team spent several months in briefings with industry groups about the plan. One of those meetings, with the board of Atlanta-based utility giant Southern Co., also featured a briefing by Scott DePasquale, the FSARC president and chief executive — foreshadowing Walker’s job change.
Now the implementation of the order will fall to others.
Tom Fanning, chairman and CEO of Southern, praised Walker’s impact on grid security policy, although Fanning would not comment on Walker’s plans.
"Bruce Walker has done a terrific job in evaluating critical infrastructure and the layers of resilience required to protect it," Fanning said. "In my opinion, the DOE is working very well with private industry to better protect infrastructure and better protect America."
The order directed DOE to publish regulations by the end of September to screen foreign-made transformers and other essential high-voltage grid equipment for hidden cybersecurity implants that could be triggered by a foreign adversary during a confrontation with the United States.
The order authorizes the DOE secretary, working with other federal department heads, to ban future purchases of equipment posing an "undue risk" of damaging power networks and to publish a list of pre-qualified approved suppliers. The list of banned suppliers is to be published "as soon as practicable."
In a July briefing with Canadian government and energy officials, Walker said the executive order process begins with blocking purchases of high-voltage grid equipment from companies connected to any foreign adversary. If many cases are found, "then we will pull that trigger and put out a list of prohibited items. I don’t anticipate that we’re going to be issuing a ‘white list’ per se, where you can buy X but not Y," Walker told the group, according to a report filed with DOE.
DOE officials would not comment on the timetable for the executive order actions.
"There is a lot going into that evaluation," said Fanning, who also co-chairs the Electricity Subsector Coordinating Council, the power industry’s threat response coordinator. "I’d rather the government do it right than do it in a hurry."
Reporter Lesley Clark contributed.