CESER’s OT Defender Program focuses on value of information sharing, as OT Cybersecurity Coalition also expands

The Office of Cybersecurity, Energy Security, and Emergency Response (CESER) within the U.S. Department of Energy (DOE) has set up, funds, and leads a highly-selective education program called the Operational Technology (OT) Defender Fellowship. Offered by CESER, alongside the Idaho National Laboratory (INL), the OT Defender program provides its fellows with an exclusive, insider view of how the government functions. The Operational Technology Cybersecurity Coalition (OT Cyber Coalition) also added four new members since its April launch.

The program has been designed to give middle- and senior-level OT security managers in the energy sector an opportunity to learn about the strategies used to target U.S. energy infrastructure, and the cybersecurity tools and tactics that the federal government is using to counter them. 

Like the CESER’s OT Defender Program which concentrates on disseminating information between government and industry, the OT Cyber Coalition was also set up to work with government and industry partners, and advocate for vendor-neutral, interoperable, standards-based cybersecurity solutions. 

The four new members include 1898 & Co., ABS Group, Network Perception, and Waterfall Security Solutions, who will join the Coalition in its first membership expansion. The Coalition’s founding members include Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable. They will work to build, protect, and defend industrial control systems (ICS) and critical infrastructure assets within the U.S.

“The addition of these companies to the Coalition shows the ever-increasing importance of securing operational technology and the need for organizations to contribute meaningful solutions and capabilities to improve the security of our most important infrastructure,” Andrew Howell, executive director of the OT Cyber Coalition, said in a media statement. “This marks the first step towards expanding the OT Cyber Coalition, and we look forward to continuing to grow to include additional partners over the coming months.”

“Now is the time to come together as a cohesive team of public and private sector defenders to protect the critical infrastructure that supports what matters most in our lives,“ Matt Morris, global managing director at 1898 & Co. Security & Risk Consulting, said. “We look forward to working with our OT Cyber Coalition partners to support government advocacy and initiatives on behalf of critical infrastructure industries and to embrace an open, interoperable approach to the collective defense of the nation’s critical infrastructure.”

“The OT Cyber Coalition is serving as a leading voice for operational technology,” Andrew Ginter, vice president of industrial security at Waterfall Security, said. “We look forward to joining the Coalition’s efforts to educate on how best to secure our nation’s critical infrastructure.”

“We are honored to be a member of the Operational Technology Cybersecurity Coalition, working alongside other OT cyber organizations who understand that we are better together,” Ian Bramson, global head for industrial cybersecurity at ABS Group, said. “Critical infrastructure is the engine that runs our nation. OT cybersecurity has become a business imperative and will require participation across the global supply chain as threats continue to rise.”

“Making our critical infrastructure cyber resilient by design is a complex multi-disciplinary mission that can only be achieved through next-level collaboration among diverse stakeholders,” Robin Berthier, CEO and co-founder at Network Perception, said. “We are excited to join the Coalition to help accelerate public-private dialogue and the adoption of open standards to best protect our nation’s critical assets.”

During the OT Defender fellowship, participants will build and enhance relationships between the energy sector and government cybersecurity managers, develop and learn about strategies to organize and consume information about cyberattacks, and gain a better understanding of the threats against critical infrastructure, including the potential for physical consequences. It also provides an opportunity to learn about capabilities for detection of, defense against, and recovery from cyberattacks, and equip themselves with actionable information, insight, and connections to apply in their roles post-fellowship.

During year-long cohorts of about a dozen participants at a time, these OT security managers have opportunities to collaborate with key stakeholders and partners, are shown how to better serve their organizations and the energy sector, and how to contribute to two-way information sharing between government and industry. 

The first cohort began last January and ran through March this year, and the second recently kicked off in April. Though the second OT Defender Fellowship Program cohort began recently, the team is already running at full speed to apply feedback from the first session. Prioritizing opportunities for bi-directional communication, initiating conversation, and promoting collaboration between industry, government, and stakeholder partners remain the primary goals for the next year.

The OT Defender Fellowship gives students access to advanced tools and technologies, and virtual meet-and-greets with cyber leaders. It also enables input from and conversations with partners that had been previously out of reach. 

Brian Marko, program manager of energy sector exercises and cyber training programs in CESER, said that he was “thrilled at how quickly barriers went down between the fellows as the program kicked off. They shared information willingly and freely, which shows that they really do see this as a collaborative opportunity, not competitive, even despite geographical dispersion and industry rivalry.”

“We’ll continue to make a point of putting our heads together and facilitating those connections between the fellows,” according to Marko. “When we really focus on how we can benefit from sharing information instead of competing amongst each other, it creates amazing results.”

“One of the things we heard throughout the year is they want time to hear from each other,” Jared Smith, program manager at the Cybercore Integration Center at INL, said. “They’ve got a strong desire for additional opportunities to collaborate outside of the program. Because of this resounding interest, we plan to facilitate more inter-session discussions and in-person engagements in the future.” 

That desire for interconnectedness highlights the real value of the program: it fosters closer partnerships between companies that might otherwise not have been working together as closely as they could, Smith added.

One fellow commented during program closeout, “This program provides a great overview of all the programs available to critical infrastructure. It also builds bridges and gets OT Defenders in front of policymakers in the ways other programs have not.”

In April, the CESER released its 2021 SLTT report that covers the various resources and initiatives for state energy security and resilience planning, advances in emergency preparedness, and strengthens coordination. The State, Local, Tribal, and Territorial (SLTT) Year in Review (YIR) report reveals that stakeholders were also engaged in various activities throughout last year, to enhance the security of energy infrastructure across the nation.

Last year, the U.S. launched an international strategy called CISA Global that joins with international partners to intensify defense against cyber incidents, enhance security and resilience of critical infrastructure, identify and address significant risks to national critical functions, and provide seamless and secure emergency communications.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.