DOE launches CyOTE tools for enhanced OT cybersecurity, supports risk-informed cybersecurity decision-making

The U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) has introduced a set of new tools as part of its Cybersecurity for the Operational Technology Environment (CyOTE) research program. These tools were showcased and received feedback from industry partners during a live demonstration session held at the Idaho National Laboratory (INL) last month.

Training energy asset owners and operators on using CyOTE tools plays a pivotal role in improving resilience by building trust among stakeholders through comprehensive understanding and demonstration of the tools. It also helps speed up the development of cybersecurity solutions through public-private collaboration and reduces the risk of cyber attacks through a comprehensive threat-informed operational technology (OT) cybersecurity approach.

CESER, through the CyOTE program, is leading a research partnership with INL and the energy sector to develop tools and capabilities for monitoring and detecting indicators of attack within OT networks. CyOTE tools enable asset owners to take mitigating measures by providing timely alerts and actionable information.

Additionally, the CyOTE program directly supports the Biden-Harris Administration’s goals for securing the critical energy infrastructure and enhancing the resilience of the energy sector. It also promotes collaboration between the government and private sector to accelerate the development and deployment of new cybersecurity technologies.

CyOTE’s newest tools in the technology readiness assessment phase include the CyOTE Executive’s Dashboard, which translates information from a comprehensive database of indicators from 27 publicly reported cyber attacks into valuable, actionable insights honed for high-ranking decision-makers. Focused on quick access to critical data, this dashboard equips vice presidents of engineering or chief information security officers (CISOs) with the foundational awareness and understanding they need to fortify their OT security posture.

The newest tools also include the Operational Process for Trigger Identification and Comprehension (OPTIC) Tool, which helps users determine the appropriate action in response to a cyber attack or threat by guiding professionals through more than 65,000 possible decision paths about the event. When leveraged across an entire organization, OPTIC improves cyber awareness and communication of events, identifying potential threats earlier and sharing information across business units.

The Collection and Analysis of Telemetry for CyOTE Heuristics (CATCH) provides a structured approach to collecting, storing, analyzing, and reporting data about cyber threats and activities. It gathers information from two key toolsets, Collection Engines and Analysis Modules, to analyze telemetry data and identify potential threats.

The Bayesian Attack Model (BAM) outlines the progression of a cyber attack across the Early, Middle, Late, and Impact phases. It centers on the cyber attack process and explains the tactics, techniques, and procedures relevant to each stage. A defining component of BAM is its ability to correlate historical events and adversary techniques leveraged over years of cyber attacks.

Since its inception, the CyOTE program has generated over 4,000 pages of information and 14,000 indicators that can be used to inform a strong OT cybersecurity posture. The CyOTE Ontology makes it easier for organizations to use this data by leveraging technologies such as Deep Lynx, a data warehouse, to maintain accurate, relevant, and simplified data.

In October, CESER conducted its CyberStrike program, a simulated real-world cybersecurity event training in Hawai’i. The program leverages lessons learned from the novel critical infrastructure cyber attacks in Ukraine and the expertise of cyber professionals versed in this challenging area to enable participants to better understand the entry points for cyber attacks, especially on OT within energy systems, and prepare to identify and respond to potential attacks in the future.
