As Principal Deputy Assistant Secretary Patricia Hoffman discussed in her recent blog post on National Cybersecurity Awareness Month, preparedness is one of the three priority areas for the Office of Electricity Delivery and Energy Reliability’s (OE) cybersecurity program. Our preparedness activities address situational awareness and information sharing, and risk analysis. OE works closely with energy sector owners and operators to better detect risks and mitigate them more rapidly by fostering industry assessment capabilities, developing operational threat analysis tools, and working with the intelligence community to better share actionable threat and intelligence information. We collaborate with government and private sector partners to develop technologies, tools, exercises, and other resources to assist the energy sector in evaluating and improving their security posture, practices, and readiness. Because of the highly-dynamic technology and threat environment, effective cybersecurity practices require a continuous and comprehensive assessment of threats, identification of system vulnerabilities, strengthening and sharing of recognized security practices, and analysis of the impact of cyber events on the energy infrastructure. Timely bi-directional sharing of cyber threat information between the energy sector and government helps to determine the severity, scope, and nature of threats and rapidly develop needed mitigations.
Earlier this month, I participated in a workshop that provided a forum for sharing lessons learned and updates on the Cybersecurity Risk Information Sharing Program (CRISP), our innovative real-time information sharing capability that DOE developed by working directly with electric utilities. Using sensors on their IT networks, utilities share threat data in real time with the CRISP program, which conducts state-of-the-art analysis using both unclassified and classified tools to identify threat patterns across the industry. The analysis results in timely, actionable alerts for the sector, and site-specific threat briefings to participants when necessary. DOE transitioned CRISP management to the private sector in 2014, and it is now managed by the Electricity Information Sharing and Analysis Center (E-ISAC). More than 26 utilities now participate nationwide, representing 75% of electricity customers. Sponsored by the E-ISAC, the workshop was attended by representatives from utilities that participate in CRISP.
During the workshop, I explained how we are now working on two efforts to advance CRISP capabilities. First, DOE and several National Labs are adding new tools and capabilities to the existing CRISP platform, and working with the U.S. Intelligence Community to enable direct analysis of CRISP data using a unique set of intelligence tools. The goal is to make CRISP alerts and mitigations faster and more valuable.
Second, we’re piloting an approach similar to CRISP in utilities’ complex operational technology (OT) environment. The Cybersecurity for the Operational Technology Environment program, or CYOTE, is a pilot with four utilities designed to allow two-way data sharing and analysis in OT networks. While CRISP supports analysis of the participant’s IT networks, CYOTE is designed to examine threats in OT networks, which manage and control the energy delivery system and could pose a major attack vector for energy disruptions. The program will help identify potential attack pathways and methods hackers could use to compromise utility OT systems. The pilots will determine if the concept is feasible, effective, and scalable to the larger industry.
The cybersecurity threat is rapidly evolving, and we are working diligently with our partners to stay ahead by changing the game. The CRISP and CYOTE programs are two important examples of how our strong government and industry partnerships are producing innovative approaches and real-world solutions for today’s environment. To learn more about the Department’s strategic and comprehensive approach to cybersecurity for the grid and oil and natural gas infrastructure, visit the cybersecurity section of OE’s website.
National Cybersecurity Awareness Month Blog Series
You can read the entire series of National Cybersecurity Awareness Month blog posts by clicking on the individual blog titles below.