The Essence cybersecurity program initiated by the National Rural Electric Cooperative Association (NRECA) has been awarded US$3.9 million from the U.S. Department of Energy’s Pacific Northwest National Laboratory (PNNL). The award is the next step in a pilot partnership to expand cybersecurity information sharing and readiness announced by DOE last year.
The two-year, $3.9 million award will support the deployment of Essence cybersecurity program, an information and operational technology sensor platform created by NRECA with advanced capabilities to detect industrial control system (ICS) anomalies and threats with speed and precision.
The NRECA is a national trade association that represents close to 900 local electric cooperatives. From growing suburbs to remote farming communities, electric co-ops serve as engines of economic development for 42 million Americans across 56 percent of the nation’s landscape. As local businesses built by the consumers they serve, electric cooperatives have meaningful ties to rural America and invest $12 billion annually in their communities.
Last December, the Department of Energy (DOE) unit, Office of Cybersecurity, Energy Security, and Emergency Response (CESER) rolled out a pilot program with the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center (E-ISAC) to pilot enhancements to the energy sector’s information-sharing capabilities and rapidly identify security threats to utilities across the nation.
In collaboration with E-ISAC, CESER launched the CRISP Essence Integration Pilot, a joint operational technology (OT) pilot with the Cybersecurity Risk Information Sharing Program (CRISP). The program also intends to integrate the CRISP program, which has been managed by E-ISAC since 2014, with the Essence OT sensor platform.
As part of the deployment process, Essence systems will be the first ones to connect to PNNL’s CRISP pilot, leveraging the DOE’s resources to analyze, and distribute actionable threat information to the energy sector.
Essence and CRISP will work in unison to pilot a heightened state of awareness, information sharing, and cyber-readiness between the electric sector and the federal government. These award funds build on a powerful and growing suite of NRECA’s cyber resources developed to support the electric industry’s work to stay ahead of evolving cyberthreats.
“Partnerships like this are vital as we work to keep the electric grid secure and reliable,” said NRECA CEO Jim Matheson. “As threats and threat actors evolve, electric cooperatives consistently work to improve their defense capabilities. Collaboration and cooperation are two strengths that co-ops draw on as they work together to implement cybersecurity solutions. America’s electric cooperatives look forward to working with DOE and PNNL in this expanded opportunity and we look forward to bringing our cooperative approach to this partnership.”
The Biden administration announced in April steps to safeguard U.S. critical infrastructure from persistent and sophisticated cyber threats. As a pilot of the Administration’s broader cybersecurity initiative planned for multiple critical infrastructure sectors, the DOE announced a 100-day plan to improve the cybersecurity of the nation’s electric infrastructure.
The coordinated effort between DOE, the electricity industry, and the Cybersecurity and Infrastructure Security Agency (CISA) will modernize critical electric infrastructure using cybersecurity defenses with aggressive milestones. It will also assist owners and operators to deliver better detection, mitigation, and forensic capabilities, and help meet cybersecurity threats faced by the nation’s electric system, apart from seeking feedback from stakeholders on protecting the critical electric infrastructure.
The NRECA is also set to work with an industry group and the Biden administration on a voluntary 100-day initiative to enhance national cyber threat detection, mitigation and forensic capabilities. Led by the White House National Security Council with support from the DOE and the Department of Homeland Security, the initiative’s first focus is on the industrial controls and operational technology systems of electric utilities with more than 50,000 customers.
“Federal agencies cite the need for enhanced cybersecurity technology options, driven by the growing risk to control systems and concern about the potential for adversaries to compromise systems essential to our daily lives,” said NRECA CEO Jim Matheson in a statement.
“Through NRECA’s role in the Electricity Subsector Coordinating Council, we are working closely with the federal government as it implements this initiative, including providing input on how the government can provide assistance to electric cooperatives to meet the objectives of enhancing cybersecurity in the electric sector.”
A bipartisan bill was also introduced last week by a group of US senators that will help boost electric grid security by incentivizing electric utilities to make investments in cybersecurity. The bill also establishes a DOE grant and technical assistance program for the deployment of advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC).