CESER’s Cybersecurity for the Operational Technology Environment initiative (CyOTE™) is advancing actionable situational awareness for Operational Technology (OT) networks across the Energy Sector. By pairing the capabilities of the Federal Government with the vigilance and expertise of participating electric utilities, the CyOTE toolsets will provide an industry-led approach for securely analyzing and sharing indicators of cyberthreats to OT systems.
In contrast to programs for threat information sharing commonly used in the IT community, CyOTE recognizes the diversity of architectures among OT systems and puts the role of anomaly identification in the hands of participating asset operators. The operators who oversee the digital technologies that physically control their individual systems are best suited to determine when day-to-day anomalies in their data streams turn from indicating normal aberrations to signaling a potential threat. Rather than asking operators to share a constant, unfiltered data stream, CyOTE will ask operators to volunteer only data that they identify as a likely indication of intentionally induced behavior.
Upon receiving this information, CESER will leverage the unique analytics capabilities of its National Laboratories to assess the anomaly. If the anomaly is confirmed to be indicative of a threat, CESER will provide mitigation options directly to the affected operator and notify participating companies about the active threat, as well as share the indicators with the energy security community.
Through CyOTE, CESER looks to further its vision of secure and reliable energy delivery systems nationwide. For information on CESER’s other efforts to secure our Nation’s energy systems, visit our R&D for Energy Delivery Systems page.