Global technology supply chains have evolved to be increasingly diverse and complex, changing the overall risk for energy systems. To secure the most critical parts of the nation’s future energy infrastructure from the threat of a supply chain compromise – whether from intentional actions, technical vulnerabilities, or simply poor-quality control – the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) leads the Cyber Testing for Resilient Industrial Control Systems™ (CyTRICS) program, DOE’s cybersecurity vulnerability testing and enumeration program for priority energy system component software and firmware.

Through the CyTRICS program, CESER leverages the testing and analysis capabilities of the DOE National Laboratories ecosystem to confirm the security of the software and firmware of components used across the energy sector. CESER leads lab teams to test vulnerabilities, share information with manufacturers to develop mitigations, and alert industry stakeholders using impacted components so they can address flagged issues in their deployed systems. Researchers prioritize components with high impact, prevalence, and national security interest for testing and analysis. 

Learn more about CyTRICS from our lab partners:

To consistently and efficiently deliver findings that support its national security mission, the CyTRICS program takes a standardized approach across its key elements, including:

• A standardized testing process to produce consistency and compatibility, no matter where testing takes place, 
• A standardized format to report vulnerabilities and enumeration to the CyTRICS database for sector-wide analysis, and 
• A standardized vendor agreement to generate joint action on vulnerability disclosure and mitigation 

As the CyTRICS program grows, findings will be collected and normalized within a comprehensive database. Access to the database will be shared among participating Labs, industry stakeholders, and equipment vendors to ensure managed and timely disclosure of vulnerabilities identified during testing. Accrued results will be available for advanced analytics to better assess sector-wide vulnerabilities and direct proactive mitigation efforts.

As stated in the May 2020 Executive Order on Securing the United States Bulk-Power System, electricity and other forms of energy “support our national defense, vital emergency services, critical infrastructure, economy, and way of life.” Through the CyTRICS program, CESER is securing energy – and all it is supports that is so vital to the American way of life – by ensuring the integrity and reliability of critical system components nationwide.