The US Department of Energy (DOE) released the National Cyber-Informed Engineering (CIE) Strategy to improve engineering training, tools, and practices to build cyber-resilient clean energy systems. The strategy emphasizes the early adoption of cybersecurity technology in systems designed to reduce cyber risks and vulnerabilities, especially threats from foreign actors.
In accordance with Congressional direction, the Securing Energy Infrastructure Executive Task Force (SEI ETF) led by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) developed the CIE National Strategy, building on fundamental work developed at the Idaho National Laboratory.
“Building a powerful and resilient network that can withstand the full range of modern cyberthreats begins at the design level,” said Jennifer M. Granholm, US Secretary of Energy.
She added that through this strategy, the DOE is presenting a plan to ensure that the once-in-a-generation investment of the bipartisan infrastructure law protects the energy sector and provides a stronger, cleaner power grid.
The CIE National Strategy outlines the application of cybersecurity technology throughout the engineering design lifecycle of network development. It also ensures that automated grid systems are designed to be resilient and cyber-secure.
The strategy is structured around five pillars (awareness, education, development, current infrastructure and future infrastructure) and aims to address cyber weaknesses at the design stage in order to mitigate or eradicate them. Even if a cyberattack is successful, the CIE strategy aims to reduce the likelihood of disruptions to the nation’s critical energy infrastructure.
The National Defense Authorization Act for fiscal year 2020 directed the DOE to convene a cross-party task force, composed of senior technical officials from across government, industry, academia, and DOE national laboratory teams, to develop a new strategy to defend the nation’s energy infrastructure against threats, vulnerabilities and cybersecurity risks in the most critical industrial control systems.
CESER created the Securing Energy Infrastructure Executive Task Force to lead the creation of the CIE national strategy, discover new classes of security vulnerabilities in industrial control systems, and assess the technology and standards used to secure energy infrastructure industrial control systems.
Persistent cybersecurity barriers
The industrial control systems that power vital energy infrastructure are subject to increasingly severe and complex cyberattacks by tenacious adversaries. Energy systems must be designed to resist cyber penetration, exploitation, and misuse to prevent disruptions to the nation’s vital energy services.
Traditional engineering includes a substantial amount of security and failure mode analysis, but these risk management approaches rarely consider threats posed by an intelligent and capable adversary with the intent to deny, disrupt, or destroy a critical function by cyber means. Most cybersecurity solutions are “bolted on” towards the end of the engineering lifecycle, rather than being fundamentally designed into the system.
CIE is an emerging technique for integrating cybersecurity into the ideation, design, development and operation of any physical system with digital connectivity, monitoring or control. It uses design decisions and engineering controls to minimize or even eliminate cyber attack vectors or to mitigate the impact of an attack.
While specialized IT and operational technology cybersecurity experts bring strong cybersecurity capabilities to securing today’s energy systems, many engineers and technicians who design and operate these energy systems do not have the education and training to design systems for cybersecurity from the start, in the same way that they design systems for security.