AKMSecure
Back to Insights
Industry News

The Adversary Is Already Inside the Grid. DOE Is Drilling for It.

AKMSecure AKMSecure · Jul 07, 2026 · 5 min read

The Department of Energy is no longer framing grid intrusion as a possibility to prevent. In a June announcement, DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER) stated that nation-state adversaries “continue to pre-position inside U.S. critical infrastructure networks to hold our energy infrastructure at risk for a time and place of their choosing.” The agency's answer is an expanded exercise portfolio for oil and natural gas operators, detailed further in Industrial Cyber's coverage. Every scenario starts from the same premise: assume the adversary is already inside.

What changed in DOE's threat framing?

The language has shifted from intrusion as a risk to intrusion as a standing condition. CESER also notes that opportunistic actors are increasingly targeting operational technology and industrial control systems within the oil and natural gas subsector, not just corporate IT.

The stakes compound because the energy system is interdependent. Pipelines require electricity to pump fuel, and power plants rely on natural gas to generate power. A failure in one system can trigger cascading outages in the other, which is why CESER calls this subsector's resilience “vital to national security.”

The exercise portfolio: rehearsing for a bad day

Clear Path XIV arrives in Los Angeles this fall, focused on energy reliability ahead of the 2028 Summer Olympic Games. LADWP, Southern California Edison, and SoCalGas will work through how disruptions to pipelines, distribution, and transmission facilities might unfold, and how cross-sector teams keep critical services running.

Liberty Eclipse puts operators in live cyber and physical defense scenarios against simulated attacks. Last year's exercise included the oil and natural gas subsector for the first time, exploring the petroleum-electric interdependencies directly.

CyberStrike rounds out the portfolio with hands-on OT defense training delivered by Idaho National Laboratory, using tabletop models of ICS equipment and scenarios built from prior real-world attacks.

These programs matter. In DOE's words, exercises test plans under pressure, identify vulnerabilities before adversaries do, and build the muscle memory needed to respond when real incidents occur.

What does pre-positioning actually buy an attacker?

Access that keeps working. A foothold is only valuable if what the attacker harvested today still works next month, and static credentials give it exactly that shelf life. Passwords, certificates, and keys that persist for months or years turn a single intrusion into a durable option the adversary can exercise at a time of their choosing.

More than 40% of reported attacks involve stolen PKI credentials. In OT the picture is starker: many devices authenticate nothing at all, and those that do rely on credentials nobody refreshes. Pre-positioning is a bet that stolen access ages well.

Resilience can't stop at the exercise

Drills determine how fast you respond. Architecture determines what the attacker's foothold is worth when that day comes. If every session between controllers, gateways, and operator stations is independently verified with keys that refresh each session, pre-positioned access stops maturing. Whatever was harvested last quarter is worthless today. That is Zero Trust applied at the protocol layer, with no standing privileges left to hold at risk.

This is the gap Autonomous Key Management™ fills in environments where PKI was never viable. AKM runs in under 100kb on constrained industrial devices, operates air-gapped with no certificate authority dependency, and refreshes quantum-resilient symmetric keys with every session, autonomously. Provision once, runs forever. The adversary may still find a way into the network. What they cannot do is hold yesterday's credentials against tomorrow's operations.

DOE is right to drill like the intrusion already happened. Operators should build like it too.

About AKMSecure

AKMSecure delivers a patented Autonomous Key Management™ protocol built to replace outdated PKI approaches with a dynamic, quantum-secure, air-gapped-capable architecture. Instead of relying on persistent credentials that can be stolen, reused, or abused, AKM enables independently verified sessions with no standing privileges left behind. The result is a model that better aligns with Zero Trust principles, reduces certificate-based risk, and supports resilient operations across enterprise IT, OT and Tactical Edge environments. Built to NSA-grade security standards and deployable as a lightweight SDK, AKMSecure helps organizations modernize trust at the protocol layer without rebuilding everything around it.

Share

Stay Ahead of Emerging Threats

Subscribe to our weekly threat briefing. No spam — just actionable cybersecurity intelligence.