Washington, D.C. - Today, the Department of Energy (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) released two resources to support the implementation of several strategic recommendations from the. This strategy, developed by the Securing Energy Infrastructure Executive Task Force at the direction of Congress, provided recommended actions to enable the energy sector to lead the nation in incorporating CIE by proactively building cybersecurity into the design of infrastructure systems.
"The National CIE Strategy provides a critical framework for the delivery of a more secure and resilient energy sector in the United States," said Puesh Kumar, Director of CESER. “The new resources will enable practitioners across the sector to actively pursue a secure-by-design approach to the energy systems of the future."
The U.S. energy sector is leading the way in secure-by-design approaches to critical infrastructure cybersecurity, positioning a more secure future for America’s energy infrastructure. To support a shift of this magnitude in energy infrastructure design and operations, CESER, Idaho National Laboratory (INL), and the National Renewable Energy Laboratory (NREL) engaged with industry stakeholders to determine critical considerations to implement design-level mitigations for cybersecurity vulnerabilities. CESER developed two resources from this outreach initiative that support energy partners at the forefront of implementing CIE across the sector:
* CIE Resource Library : The CIE Resource Library consists of tools, case studies, and lessons which will continue to support designers, manufacturers, and asset owners and operators in applying CIE principles. CESER also cataloged DOE-led CIE research spanning a decade, including work from a variety of sources and applications of CIE. As future research on CIE is produced, this library will highlight advanced implementation insights and lessons learned.
* CIE Implementation Guide : The CIE Implementation Guide outlines questions engineering teams should consider during each phase of a system’s lifecycle to employ CIE principles. The guide is geared toward supporting engineers who design, build, operate, and maintain the physical infrastructure; they are best positioned to leverage CIE to diminish the severity of cyber attacks or digital technology failures during the system’s engineering design.
“A decade of DOE research in critical infrastructure vulnerability analysis has resulted in the CIE Implementation Guide," said Zach Tudor, Associate Laboratory Director - National & Homeland Security S&T at INL. “This broadly consumable analysis tool guides identification and mitigation of cyber vulnerabilities in the design of energy systems before they become critical infrastructure."
“Cybersecurity for critical infrastructure is evolving rapidly, to keep pace with our rapidly evolving systems and technologies. This is why it is crucial that we think about cybersecurity from the start, injecting it into the design of these systems," said Juan Torres, Associate Laboratory Director, Energy Systems Integration at NREL. “The CIE Implementation Guide provides engineers a framework to embed cybersecurity into system design through engineering decisions.
These materials will be shared at a CIE Practitioner’s Workshop, hosted by Auburn University on September 6. Attendees of this live virtual event will learn from experienced industry practitioners as they discuss a variety of topics, such as applying CIE in industry, linking CIE with standards, and leveraging CIE in research and development. It also includes insights from DOE CESER, the Office of the National Cyber Director (ONCD), the national labs, and the Cybersecurity and Infrastructure Security's (CISA) Secure by Design initiative. This event is open to the public; register here.
The CIE Practitioner’s Workshop will be recorded, and its content will be shared during CESER’s celebration of National Cybersecurity Awareness Month in October.
CESER’s work in CIE is a key element in the broader, and these new resources further the nation’s defense of critical energy infrastructure against cyber attacks. Learn more about the National CIE Strategy and related work here.
Source: U.S. Dept. of Energy, Office of Cybersecurity, Energy Security, and Emergency Response