The US Department of Energy today said it would spend $20 million on the development of advanced cybersecurity tools to help protect the nation's vulnerable energy supply.
The technologies developed under this DOE program should be interoperable, scalable, cost-effective and innovative advanced tools that do not impede critical energy delivery functions and that can easily be commercialized or made available through open source at no cost.
The security of energy supply systems, which include supervisory control and data acquisition (SCADA) and other types of industrial control systems, has been a hot topic, particularly since 2010 when the Stuxnet malware surfaced. Stuxnet specifically targeted SCADA systems and was successfully used to damage uranium enrichment centrifuges at Iran's nuclear plant in Natanz.
The DOE said it wanted to focus research and development of these new tools on six critical areas:
Energy delivery control system software and updates: Develop techniques needed to formally verify that an update or patch will perform exactly as intended, will do nothing unexpected and will not compromise energy delivery system integrity, authenticity and availability. The solution must accommodate third-party and legacy components; be scalable so that updates can be securely deployed to multiple devices; provide a means for devices that require updates to communicate this status to the energy sector end-user; and not impede critical energy delivery functions. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
Responding to intrusions: Demonstrate technology or techniques needed to perform a comprehensive analysis of the root cause, extent, and consequence of an ongoing cyber intrusion in an energy delivery system. A comprehensive analysis often requires all cyber assets to be evaluated for possible compromise, and cyber assets to be taken offline during this process. However, energy delivery control systems are comprised of complex network architectures that may contain hundreds of specialized cyber components and may extend across wide geographic regions. This picture is becoming increasingly complex as the energy sector brings in technologies such as mobile and cloud computing, plug-in-hybrid vehicles, phasor measurement units and millions of smart meters. Also, reliable and safe energy delivery requires that energy delivery control system components remain available at all times to sustain critical functions. The technology or technique must be scalable to accommodate energy delivery system architectures of various size and configuration, must not impede critical energy delivery functions and must be demonstrated at an end-user site to validate a clear industry acceptance.
Detecting problems: Develop technology or techniques to detect the presence of undesired activity inserted upstream in the supply-chain that could compromise the integrity of energy delivery system components. The research can consider one or more of hardware, firmware or software, including third party. The technologies and techniques will be used by the vendor during component development, and may include the capability for continuous detection during operation at the energy asset end-user installation. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
Secure remote access: Build technology to provide secure remote access capability, such as but not limited to cryptographic key management offerings. Secure remote access to field devices is necessary to perform timely maintenance, retrieve data and update firmware. Legacy field devices, which typically have limited bandwidth and computational resources, reside in the same architecture as modern devices that are equipped with more advanced communication and computational capabilities and that may number in the millions, such as smart meters. The technology must be scalable to energy delivery system architectures of various size and configuration; interoperate across diverse communications media and protocols in the energy sector, including legacy as well as current day devices; accommodate legacy device bandwidth and computational constraints; and not impede critical energy delivery functions.
Responding to threats: Develop technology to detect and respond, as appropriate, to adversarial cyber activity that seeks to evade detection by exploiting expected and allowed operation of power grid components. For example, malicious manipulation of energy sector communications may use an expected protocol and request an action that the recipient local power grid devices were designed to perform, but that action may be undesired in the larger operational context of the bulk power grid. This technology should not impede critical energy delivery functions.
Offer innovation: The 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity provides a strategic framework that directs research and development of cybersecurity solutions for the energy sector. The energy sector cybersecurity landscape is dynamic. New technologies are being rapidly deployed and legacy technologies are being used in ways that were not previously envisioned, introducing new security considerations. This project requests a proposal that identifies, and proposes a technical solution to address, a research gap that, if addressed, could enhance coverage of the Roadmap goals.
That Roadmap also details the myriad challenges