Cybersecurity for energy delivery systems has emerged as one of the Nation’s most serious grid modernization and infrastructure protection issues. Cyber adversaries are becoming increasingly targeted, sophisticated, and better financed. The energy sector must research, develop and deploy new cybersecurity capabilities faster than the adversary can launch new attack tools and techniques.
The goal of the U.S. Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE) National Supervisory Control and Data Acquisition (SCADA) Test Bed (NSTB) program is to enhance the reliability and resiliency of the Nation’s energy infrastructure by reducing the risk of energy disruptions due to cyber attacks. A key part of the program is SCADA system vulnerability analysis that identifies and provides mitigation approaches for vulnerabilities that could put these systems at risk. A cybersecurity vulnerability is a weakness in a computing system that can result in harm to the system or its operation, especially when this weakness is exploited by a hostile actor or is present in conjunction with particular events or circumstances.
This Vulnerability Analysis of Energy Delivery Systems report describes common vulnerabilities found in assessments performed from 2003 to 2010 by Idaho National Laboratory (INL) on behalf of the DOE/OE NSTB program. The purpose of this report is to provide recommendations to the SCADA vendor and/or owner to identify and reduce the risk of these vulnerabilities in their systems.