The US Department of Energy (DOE) has rolled out a new pilot program that aims to expedite the identification of and sharing of information on cyberthreats affecting operational technology (OT) systems in the energy industry.
DOE unveiled the program on December 3, saying that its Office of Cybersecurity, Energy Security, and Emergency Response (CESER) was launching the program in collaboration with Electricity Information Sharing and Analysis Center (E-ISAC), a division of the North American Electric Reliability Corporation (NERC). In a statement, it identified the joint OT initiative as the CRISP Essence Integration Pilot to secure OT systems.
It also explained that the purpose of the program was to integrate the Cybersecurity Risk Information Sharing Program (CRISP), which has been managed by E-ISAC since 2014, with the Essence OT sensor platform. Both the Pacific Northwest National Laboratory (PNNL) and the National Rural Electric Cooperative Association (NRECA) – the developers of CRISP and Essence, respectively – will be involved with the initiative, it said.
Information-sharing and real-time threat detection
According to DOE, the integration of CRISP and Essence will enhance information-sharing capabilities in the energy sector and also make it possible to identify cyberthreats more rapidly.
CRISP is well suited to information-sharing, as it “leverages DOE’s unique intelligence capabilities, expertise, and advanced threat detection technologies to collect, analyze, and distribute actionable threat information to the energy sector,” the statement said. (Additionally, it noted that the program already covered around 75% of all electricity customers within the United States.) Essence, meanwhile, uses “advanced deep packet inspection and unique grid physics determination capabilities” to detect cyberthreats and anomalies that pose risks to industrial control systems (ICS) in real time and secure OT systems.
Together, the department said, CRISP and Essence will be able to capture both raw and refined data from OT systems and then analyze it in conjunction with CRISP’s data on information technology (IT). In turn, the resulting analyses will ease the process of identifying potential cyberthreats and informing industry stakeholders of new developments.
Addressing the vulnerabilities of connected OT systems
Nick Andersen, the principal deputy assistant secretary of CESER, described the pilot program as a much-needed effort to address the vulnerabilities resulting from the expanding use of connected OT systems.
“As the energy sector undergoes rapid digital transformation and IT and OT systems converge, ICS are in a generational flux,” he said. “The data gleaned from this pilot will help us close the information gap to rapidly detect and mitigate even the most dangerous ICS threats.”
Andersen also stressed that the stakes were high, given the critical role that electricity providers play in ensuring social and economic functions. “The American public depends on ICS to provide essential services. If these systems are at risk, the effects could be devastating,” he remarked.
He also indicated that the CRISP Essence Integration Pilot was designed to help secure electricity networks across the entire country by expediting the identification of and sharing of information on cyberthreats affecting OT systems in the energy sector. “This new pilot reflects DOE’s continued commitment to protect the nation’s electric grid and secure our power supply,” he said.
Bringing public-sector and private-sector actors together
The DOE statement was published several days after NERC disclosed other details of the pilot program.
In its own statement, NERC indicated that five utility members of NRECA would be participating in the CRISP Essence Integration Pilot. It did not name those utilities, but it said that E-ISAC would use CRISP and Essence to “integrate the analysis of email and website traffic data to improve the identification and mitigation of broader cyber threats” to the owners and operators of energy-sector infrastructure.
It also noted that the CRISP Essence Integration Pilot would complement another program designed to expand the use of CRISP. This second pilot project will use OT sensors that have already been installed by PNNL at power plants and related facilities to “identify anomalous or potentially malicious cyber behavior,” it said.
Frank Honkus, E-ISAC’s associate director for intelligence programs and CRISP manager, said the pilot programs demonstrated the benefits of collaboration between public-sector and private-sector interests in the energy industry. “CRISP is a unique capability for utilities, providing threat and trend analysis that participants cannot get anywhere else,” he commented. “The pilots and the strong public–private partnership with DOE and PNNL ensure that CRISP continues to evolve to meet emerging threats to industry.”
Honkus also asserted that the pilot projects would help strengthen the security of the US power sector. “These pilots will help the E-ISAC meet its core responsibility of advising utilities on the detection and mitigation of industrial control system threats from the most advanced and persistent international adversaries,” he said.