CESER’s Infrastructure Hardening and Technology Development division is responsible for a range of defensive programs including Cyber Testing for Resilient Industrial Control Systems (CyTRICS) for supply chain security and Cyber-Informed Engineering (CIE) for engineering cyber risks out of energy systems. This work spans operational and informational technology (OT/IT) while simultaneously building the future of the sector through workforce development.
Areas of Focus
Global technology supply chains have evolved to be increasingly diverse and complex, changing the overall risk for energy systems. To secure the most critical parts of the nation’s future energy infrastructure from the threat of a supply chain compromise – whether from intentional actions, technical vulnerabilities, or simply poor-quality control – the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) leads the Cyber Testing for Resilient Industrial Control Systems™ (CyTRICS) program, DOE’s cybersecurity vulnerability testing and enumeration program for priority energy system component software and firmware.
The RMUC Program supports critical investments to harden utility systems, deliver crucial technical assistance, and provide cybersecurity training to the utility workforce. These investments will result in a more secure and resilient energy grid that is better prepared to match the challenging cybersecurity threats facing electric utilities.
CESER's strategy to address the energy sector cybersecurity workforce shortage is rooted in training and workforce development programs. CESER's objectives are to increase the availability of a skilled cybersecurity workforce ("pipeline"), to amplify sector workforce opportunities, and to develop efforts aligned with "re-skilling" existing employees to emerging technology and cybersecurity roles. Combined, these efforts will grow bench strength, depth in numbers, and build cyber resiliency.
CESER leverages the testing and analysis capabilities of the DOE National Laboratories ecosystem to confirm the security of the software and firmware of components used across the energy sector. CESER leads lab teams to test vulnerabilities, share information with manufacturers to develop mitigations, and alert industry stakeholders using impacted components so they can address flagged issues in their deployed systems. Researchers prioritize components with high impact, prevalence, and national security interest for testing and analysis.
Cyber-Informed Engineering (CIE) is an emerging method to integrate cybersecurity considerations into the conception, design, development, and operation of any physical system, energy or otherwise, to mitigate or even eliminate avenues for cyber-enabled attacks. CIE concepts use design decisions and engineering controls to prioritize defense against the worst possible consequences of cyberattacks facing critical infrastructure systems and asset owners.
A list of fact sheets from CESER's various tools and technologies.