The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply.
Technologies developed under this DOE program should be interoperable, scalable, cost-effective and innovative advanced tools that do not impede critical energy delivery functions and that can easily be commercialized or made available through open source at no cost.
The security of energy supply systems, which include supervisory control and data acquisition (SCADA) and other types of industrial control systems, has been a hot topic, particularly since 2010, when the Stuxnet malware surfaced. Stuxnet specifically targeted SCADA systems and was successfully used to damage uranium enrichment centrifuges at Iran's nuclear plant in Natanz.
The DOE said it wanted to focus research and development of these new tools on six critical areas including:
Energy delivery control system software and updates: Develop techniques needed to formally verify that an update or patch will perform exactly as intended, do nothing unexpected and that the update does not compromise energy delivery system integrity, authenticity and availability. The solution must accommodate third-party and legacy components; be scalable so that updates can be securely deployed to multiple devices; provide a means for devices that require updates to communicate this status to the energy sector end-user; and must not impede critical energy delivery functions. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
Responding to intrusions: Demonstrate technology or techniques needed to perform a comprehensive analysis of the root cause, extent, and consequence of an ongoing cyber intrusion in an energy delivery system. A comprehensive analysis often requires all cyber assets to be evaluated for possible compromise, and cyber assets to be taken offline during this process. However, energy delivery control systems are comprised of complex network architectures that may contain hundreds of specialized cyber components and may extend across wide geographic regions. This picture is becoming increasingly complex as the energy sector brings in technologies such as mobile and cloud computing, plug-in-hybrid vehicles, phasor measurement units and millions of smart meters. Also, reliable and safe energy delivery requires that energy delivery control system components remain available at all times to sustain critical functions. The technology or technique must be scalable to accommodate energy delivery system architectures of various size and configuration, must not impede critical energy delivery functions and must be demonstrated at an end-user site to validate a clear industry acceptance.
Detecting problems: Develop technology or techniques to detect the presence of undesired activity inserted upstream in the supply-chain that could compromise the integrity of energy delivery system components. The research can consider one or more of hardware, firmware or software, including third party. The technologies and techniques will be used by the vendor during component development, and may include the capability for continuous detection during operation at the energy asset end-user installation. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
Secure remote access: Build technology to provide secure remote access capability, such as but not limited to cryptographic key management offerings. Secure remote access to field devices is necessary to perform timely maintenance, retrieve data and update firmware. Legacy field devices that typically have limited bandwidth and computational resources reside in the same architecture with modern devices that are equipped with more advanced communication and computational capabilities and that may number in the millions, such as smart meters. The technology must be scalable to energy delivery system architectures of various size and configuration; interoperate across diverse communications media and protocols in the energy sector, including legacy as well as current day devices; accommodate legacy device bandwidth and computational constraints; and not impede critical energy delivery functions.
Responding to threats: Develop technology to detect and respond, as appropriate, to adversarial cyber activity that seeks to evade detection by exploiting expected and allowed operation of power grid components. For example, malicious manipulation of energy sector communications may use an expected protocol and request an action that the recipient local power grid devices were designed to perform, but that action may be undesired in the larger operational context of the bulk power grid. This technology should not impede critical energy delivery functions.
Offer innovation: The 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity provides a strategic framework that directs research and development of cybersecurity solutions for the energy sector. The energy sector cybersecurity landscape is dynamic. New technologies are being rapidly deployed and legacy technologies are being used in ways that were not previously envisioned, introducing new security considerations. This project requests a proposal that identifies, and proposes a technical solution to address, a research gap that, if addressed, could enhance coverage of the Roadmap goals.
That Roadmap also details the myriad challenges the DOE faces in securing the nation's energy supplies. From the report:
- Limited knowledge, training, understanding, and appreciation of energy delivery systems security risks inhibits security actions within the energy sector. There is also an incomplete understanding of the cost of decisions and system resilience in terms of failure modes and vulnerabilities. Current risk assessment capabilities fall short of determining the effects of each cost decision on system resilience in terms of failure modes and vulnerabilities.
- While standards have helped to raise security to a baseline level across the energy sector, some standards remain unclear or too broad, or may have prompted utilities to use less advanced security measures to meet requirements. In addition, a rapidly changing risk environment means standards compliance today may not be sufficient tomorrow.
- Improving security comes at a cost, and demonstrating direct line benefits to an energy organization is difficult. Without the occurrence of a catastrophic cyber incident or a strong business case, public and private partners will continue to have limited time and/or resources to invest in partnership efforts.
- The increasing sophistication of cyber intrusion tools and complexity of energy delivery systems make it difficult for asset owners and operators to recognize an incident once it is under way. The use of automated intrusion detection systems and applications has the potential to introduce serious operational issues.
- Executives, the public, and even organizations within the utility still lack a full understanding of energy delivery system vulnerabilities and the potential consequences of an incident. The limited exchange of threat and incident information prevents the sector from compiling the evidence it needs to build a compelling business case to increase private investment in energy delivery systems security. Credible, actionable, and timely information is also essential to ensuring that the energy sector can adequately mitigate energy delivery system vulnerabilities before adversaries can exploit them.
- Belief that security standard compliance is sufficient for cybersecurity of energy delivery systems inhibits adoption of additional security measures.
- Secure coding practices are not uniformly enforced.
- Incomplete understanding of the cost of decisions and system resilience in terms of failure modes and vulnerabilities.
- Patching/fixing vulnerabilities in energy delivery systems can create new cyber risks.