Department of Energy Missions and Functions:
The department is one of national significance, with a charter to “advance the national, economic, and energy security of the United States; to promote scientific and technological innovation in support of that mission; and to ensure the environmental cleanup of the national nuclear weapons complex.” The Department’s strategic goals to achieve the mission are designed to deliver results along five strategic themes:
- Energy Security: Promoting America’s energy security through reliable, clean, and affordable energy
- Nuclear Security: Ensuring America’s nuclear security
- Scientific Discovery and Innovation: Strengthening U.S. scientific discovery, economic competitiveness, and improving quality of life through innovations in science and technology
- Environmental Responsibility: Protecting the environment by providing a responsible resolution to the environmental legacy of nuclear weapons production
- Management Excellence: Enabling the mission through sound management
The DoE has ventured into the following cyber realms:
- Computer Incident Response Team
- Network Security Team
- Public Key Infrastructure
- Security Configuration Management
- facilitate DOE implementation and management of security configurations
- support the development of security configurations
DoE has the National Nuclear Security Agency
27 American Recovery and Reinvestment Act projects are under way, funded by $5B allocated to the US DoE. These projects are designed to improve the grid.
Funding request for Smart Grid R&D is $144M for FY 2011.
Cyber/Information Security Overview
Due to the huge impact the power grid has on everyday life, commerce, and the health and well-being of our nation, the DOE is heavily invested in cybersecurity.
The department is connected to the cyber activities of the entire national security establishment. It is also at the forefront of cyber R&D, and the high priority/high interest protection requirements of the DoE mission mean it will always have cyber security needs that will be met.
Items of Interest
Smart Grid Security Challenge Highlighted in Report
The Energy Networks Association released a report that raised the need for a coordinated focus on cybersecurity as communications networks play a key role in smart grid development. A key finding was that government and network providers need a more “coherent and joined-up approach” to secure the smart grid. Smart grid development cannot be done without security in mind.
Do the DoE and ESnet have a problem on their hands?
The ESnet is a network that connects most of the DoE laboratories. ESnet is connected to the Oak Ridge National Laboratory, the Pacific Northwest National Laboratory, the Y12 National Security Complex and FermiLab (among others).
The PNNL closed its website and blocked all incoming traffic in the last week of June. While the attack might have been complex, or it might have been a simple phishing attack, it is clear that our DoE labs will continue to be targeted. PNNL sees upward of 4M attacks a day on its external network. The ESnet is in dire need of continued protection – as these labs will be on the front line of smart grid and other critical infrastructure development.
5M Smart Meters Installed Nationwide
The US has a need for a reliable smart grid to better transmit and distribute electricity. We consume an ever growing amount of electricity and need a more efficient system. Modernizing the grid will enable the following:
- Improve reliability, especially as we face new complexities like two-way energy flow and cyber security challenges.
- Increase the overall efficiency of our generating, transmission and distribution system.
- Facilitate the growth of renewable energy sources like solar and wind, and enable electric vehicles and dispersed generation. The U.S. needs an electricity system that can automatically synchronize intermittent renewable energy sources with fossil energy generation and energy storage.
White House Announces Efforts to Build 21st Century Grid
The White House has introduced a policy framework for the 21st Century Grid. This report is being promoted as a roadmap to ensure citizens benefit from electric infrastructure.
Specific public and private initiatives:
- $250 million in loans for smart-grid technology deployment as part of the US Department of Agriculture’s Rural Utility Service, which is focused on upgrading the electric grid in rural America
- The launch of Grid 21, a private-sector initiative to promote consumer-friendly innovations in the Nation’s electric system aimed at ensuring that all Americans have opportunities to benefit from the smart grid
- New commitments by the Department of Energy to focus on improving consumer access to their own energy information, including the development of a crowd-sourced map to track progress, a data-driven competition designed to harness the imagination and enthusiasm of America’s students to encourage home energy efficiency, and new EIA efforts to measure progress.
- Expanded partnerships to continue working with States and stakeholders, including an initiative to share lessons learned from Recovery Act smart grid investments, a series of regional peer-to-peer stakeholder meetings, and updated online resources available at: www.smartgrid.gov
- Continued progress on international collaboration to facilitate smart grid trade with the Asia-Pacific region. The United States Trade Representative and the National Institute of Standards and Technology (NIST) are working with the Asia-Pacific Economic Cooperation (APEC) forum to cooperate with other nations on smart grid interoperability standards, crucial to increasing market opportunities throughout the region, including for American firms.
- The formation of a Renewable Energy Rapid Response Team, co-led by the White House Council on Environmental Quality, the Department of Interior, and the Department of Energy, to improve Federal coordination and ensure timely review of proposed renewable energy projects and transmission lines, to ensure that renewable energy can power cities and towns across America, and to increase reliability and save consumers money by modernizing the grid.
Energy moving services to the cloud
These are the services Energy is moving to the cloud:
- Website Hosting
- Digital Certificate Security Services
- Grants Management
Electric co-ops take lead in cybersecurity next steps
The National Rural Electric Cooperative Association (NRECA) released, both to the industry and to other interested stakeholders, a cybersecurity toolkit like no other in this industry to date. This toolkit includes a guide, a risk mitigation checklist and a step-by-step template. This toolkit is used in 23 electric cooperatives participating in a $68M cost-shared regional smart grid demonstration project.
May 2011 — Smart Grids called out for being “…not so smart”
Smart grids are being promulgated across the country, but they are not yet being built with security standards in mind. It is essential that our critical infrastructures be protected by increased security.
Oak Ridge National Lab Hacked in Spear-Phishing Attack
Oak Ridge National Lab conducts classified and unclassified energy and national security work. Lab employees received spear-phishing emails on April 7; the malware came in through an IE zero-day vulnerability not patched by MSFT until April 12. This malware infiltrated the servers and lay low for over a week before it started to send data outside of the network. It is unknown exactly how much has been exfiltrated, but all this does is highlight the need for employee education as well as malware protection.
Utilities bear heavy cost of securing infrastructure
The nation’s top intelligence officials from DHS, ODNI, CIA, FBI and other agencies expressed concern about the threats of cyberattacks on our national infrastructure. Cybersecurity experts and officials from the public and private sectors need to get together to help secure the national infrastructure.
OIG audit found that cybersecurity standards approved by Federal Energy Regulatory Commission (FERC).
FERC is responsible for approving cybersecurity standards, as well as monitoring the implementation of the standards. The audit thought that the implementation schedule was not timely, and focused on documentation rather than reducing risk to systems.
Finally, the OIG concluded, “Without improvements, the Commission may not be able to provide adequate oversight to ensure that cybersecurity vulnerabilities within the power grid are identified and mitigated.”
DoE official Speaks on Stuxnet
Bill Hunteman, senior advisor for cybersecurity in DoE, said “This is just the beginning,” that advanced hackers on Stuxnet “did all the hard work,” and that they have created the model that will be followed by copycats.
US DoE awards supercomputer hours to energy research
The DOE says the 1.7 billion processor hours on are its largest total award ever — and let researchers use powerful computer simulations to perform virtual experiments that in most cases would be impossible or impractical in the natural world. The awards also reflect the growing sophistication of the field of computer modeling and simulation and the rapid expansion of supercomputing capabilities at DOE National Laboratories, the agency stated.
Sypris awarded $3.1M from DoE
Sypris Electronics, LLC, a subsidiary of Sypris Solutions, Inc., today announced that it has been selected by the U.S. Department of Energy (DOE) to receive $3.1 million of funding to develop a centralized cryptographic key management system to protect the nation’s electric power grids from cyber attacks. Sypris was one of eight institutions selected by the DOE to receive cyber security R&D project funding.
DoD + DoE to join together on Renewable Energy – Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS)
The Pentagon is attempting to create a project that will provide energy sources that are protected from cyber security attacks. The intent is to create an installation level “microgrid” that is separated from the traditional grid (and thus protected from standard attacks). SPIDERS will provide an option for important DoD and other secure facilities.
- SIEGate: Secure Information Exchange for Electric Grid Operations: The Grid Protection Alliance will research, develop, and commercialize a Secure Information Exchange Gateway (SIEGate) that provides secure communication of data between control centers. ($3,215,000)
- Least Privilege Architecture for Control Systems: Building upon previous DOE research, Honeywell will research, develop, and commercialize an architecture for critical systems that limits each operator’s access and control privileges to the appropriate level for their job function. ($2,203,653)
- Watchdog Project: Schweitzer will research, develop, and commercialize a device for the control system LAN that allows only trusted data sources and trusted communication patterns to access the network. ($2,974,697)
- Whitelist Anti-Virus for Control Systems Project: Schweitzer will research, develop, and commercialize an anti-virus solution for control systems that prevents the execution of unauthorized code and maintains secure settings and configurations, to be integrated with Schweitzer Engineering Laboratories’ substation-hardened computers and communication processor. ($1,631,026)
- Padlock Project: Schweitzer will research, develop, and commercialize a low-power, small-size plug-in device, referred to as a “dongle,” that provides strong authentication, logging, alarming, and secure communications for intelligent electronic devices (IED) in the field. The dongle will detect physical tampering and inform the device developed in the Watchdog Project so that communications received from physically compromised IED are prevented from reaching the control system LAN. ($1,117,003)
- Development and Demonstration of a Security Core Component: Siemens will develop and demonstrate a near-real-time cyber and physical security situational awareness capability for the control system environment. It will provide the control center operator with a toolset and training capability to act aggressively as the front line defense against a cyber attack. ($3,153,293)
- Centralized Cryptographic Key Management: Sypris will research, develop, and commercialize a cost-effective capability to manage the numerous cryptographic keys assigned to smart meters and other remote devices to secure communications. It will be scalable to accommodate the millions of smart meters within the smart grid advanced metering infrastructure. ($3,141,187)
- Tools and Methods for Hardening Communication Security of Energy Delivery Systems: Telcordia will research vulnerabilities in energy sector communication protocols and develop mitigation approaches that harden these protocols against cyber attack while enforcing proper communications within energy delivery systems. ($3,019,158)
- EnergySec will strengthen electric sector cybersecurity by establishing a broad-based collaborative public-private partnership; develop cybersecurity solutions to enhance electric infrastructure reliability; provide a path for rapid response to national cybersecurity priorities; supply data analysis and forensics capabilities for cyber-related threat and event assessments; assist in creating a framework to identify and prepare for challenges to grid reliability; share information, best practices, resources, and solutions to and from domestic and international electric sector participants; and encourage key electric sector supplier and vendor support and interaction. EnergySec will form the organization to be known as NESCO. ($5,898,288)
- EPRI will conduct assessment and analysis of cybersecurity requirements and results from groups such as the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corp. (NERC). EPRI will assess existing power system and cybersecurity standards to meet power system security requirements and test security technologies in labs and pilot projects. This project, known as the National Electric Sector Cyber Security Organization Resource (NESCOR), will work collaboratively with NESCO. ($4,100,000)