Getting Serious About Cybersecurity
By Jim Vess
Threats to the nation’s electric grid will never go away. In the first half of this year, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 108 cyber incidents impacting critical infrastructure in the United States, with the energy sector having the most reported incidents. According to ICS-CERT, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector. In the Cybersecurity Issues for the Bulk Power System congressional report, the National Security Agency reported that it has seen intrusions by entities capable of taking down control systems that operate the U.S. power grid.
The Department of Energy (DOE), working with university researchers and utilities, is striving to make energy delivery systems in the U.S. more secure from and resistant to cyberattacks.
Researchers from five universities and a utility are working together as part of the DOE Center for Securing Electric Energy Delivery Systems (SEEDS) to will address vulnerabilities and challenges in delivery systems of the U.S. power grid. The team’s goal is the protection of core power grid controls and operations by building security and privacy protection into components and services. This project was made possible by a $12.2 million award from DOE with $3.1 million in matching funds from the research participants. The team consists of researchers from Florida International University, the University of Arkansas at Fayetteville, the University of Arkansas at Little Rock, Carnegie Mellon University, and Lehigh University. Arkansas Electric Cooperative Corporation will serve as an industry partner.
Recently, DOE selected the University of Illinois at Urbana-Champaign to lead a consortium of 11 universities and national laboratories in a new five-year, $28.1 million initiative that will develop cyber-resilient energy delivery systems for the electric power and oil & gas industries. The Cyber Resilient Energy Delivery Consortium (CREDC) will focus on improving the resilience and security of the cyber networks that serve as the backbone of the infrastructure that delivers energy to the nation – the power grid and oil & gas pipeline systems. CREDC includes researchers from Argonne National Laboratory, Arizona State University, Dartmouth College, the Massachusetts Institute of Technology, Oregon State University, the Pacific Northwest National Laboratory, Rutgers University, Tennessee State University, the University of Houston, and Washington State University.
The ultimate goal of CREDC is to create a pipeline to applied research and development, which will result in resilient technology that is effective and affordable and can be implemented quickly on energy delivery systems. Also, CREDC will examine the business aspects of cyber resiliency. A major impediment to more resilient systems could be the cost of upgrading legacy equipment. Researchers will analyze the return on investment in new technology and design models that will help businesses choose the most cost-effective and high-impact solutions.
“The challenges of the next five years are not fully understood,” said Carl Hauser, associate professor of electrical engineering and computer science at Washington State. “CREDC is a long-term commitment by the Department of Energy to find the problems and solve them.”
While a recent survey by BRIDGE Energy Group shows that many utilities are struggling to meet NERC CIP v5 requirements by an April 2016 deadline, DOE is serious about providing the U.S. energy industry with the technology and knowledge to make their systems more secure and resistant to cyberattacks.
For more about cyber security, check out EUCI’s Fundamentals of Cybersecurity for Utilities course November 2-3 in Chicago.