Energy Department looks to build cyber threat detection platform for electric grid

The Energy Department is planning to develop a common platform for detecting cyber threats across the nation’s patchwork of electric utilities under a new plan galvanized by the bipartisan infrastructure bill and a cross-governmental effort to improve the security of critical operational systems.

The energy sector was the first to participate in a voluntary “Industrial Control Systems Cybersecurity Initiative” launched last year to help critical infrastructure operators adopt network monitoring tools for their industrial control systems. The initiative was formalized in a July 2021 national security memorandum on improving the security of critical infrastructure control systems.

The voluntary initiative has since been extended to the natural gas pipeline and water sectors.

Kate Marks, acting deputy assistant secretary for preparedness, policy and risk analysis at DOE, said the effort has sparked better communication between government and industry.

“We wanted to make sure that we were thinking about advancing the adoption of technologies and systems that would allow utilities in the electricity sector [to have] greater visibility into the networks that really control system operations, and help to improve all of our companies’ ability to detect, mitigate and respond to cyber threats,” Marks said during an event hosted by cybersecurity firm Dragos on Monday.

About 150 utilities covering the electricity needs of 90 million Americans participated in the initial 100-day sprint under last year’s pilot program, Marks said. She said DOE is now working on a broader strategy to secure an electric grid that is largely regulated at the state and local level.

“Now that we’ve moved beyond some of the building blocks that were established within those first 100 days, we’re really looking at implementing four key lines of effort in collaboration with industry,” she said.

DOE’s four-part approach involves continuing to encourage utilities to adopt monitoring technologies through “financial and other incentives,” she said. The agency is also establishing an Energy Threat Analysis Center to “share threat intelligence information across industry and government. And then really help to provide the appropriate context and situational awareness to better assess threats,” Marks said.

A longer-term goal for the agency is developing a “common lexicon for data sharing,” as well as “a platform for government analysis across any sensor or technology,” she said.

“Our hope, ultimately, is really that we’ll have the ability to have automated threat detection and response,” Marks added.

For now, however, much of the sector’s control systems monitoring needs appear to be underpinned by “Neighborhood Keeper,” a service provided by Dragos. The firm describes it as a “free, optional opt-in, anonymized information-sharing network” specific to industrial networks and available to Dragos customers.

Neighborhood Keeper was originally established following an award to Dragos through DOE’s cybersecurity program. The service has seen increased interest since the White House established the voluntary initiative for control systems last year.

During Monday’s event, Robert Lee, founder and chief executive of Dragos, said a “significant majority” of the electric utilities who participated in the pilot program turned to Neighborhood Keeper. Lee told Bloomberg last fall that his company monitors some 70% of the U.S. electric grid.

The company announced this week that both the Cybersecurity and Infrastructure Security Agency and the National Security Agency have joined Neighborhood Keeper as “trusted advisors.” The designation gives analysts at those agencies “the ability to view anonymized, aggregate information about threat analytics, vulnerabilities and indicators of compromise as they are detected,” according to Dragos.

“They can then share relevant threat intelligence back to members in Neighborhood Keeper in real time, thus enabling the greater infrastructure community to collectively defend itself against cyber adversaries,” the company said.

Mark Bristow, branch chief for cyber defense coordination at CISA, said his agency is working with “some other vendors to get similar agreements in place” beyond just Dragos.

“This is really partnering with other service providers like Dragos that have visibility platforms that we can tap into in this new and novel way, but allows our analysts to move up the timelines for their analysis and how they can scale that analysis,” Bristow said during Monday’s event.

Last year’s memorandum from Biden also directed the Department of Homeland Security and the National Institute of Standards and Technology to begin developing cross-sector cybersecurity performance goals for critical infrastructure control systems. The final cross-sector goals are due in July.

Marks said DOE is working with DHS and NIST on goals specific to the energy sector, as well.
She said DOE’s efforts will also be boosted by funding for energy sector cybersecurity in the recently passed bipartisan infrastructure law.

The package includes $250 million over five years for DOE to create a Rural and Municipal Utility Advanced Cybersecurity Grant and Technological Assistance Program to “improve electric utilities’ ability to detect, respond to, and recover from cybersecurity threats.”

It also authorizes funding for DOE to develop advanced cybersecurity applications and technologies for the energy sector, including $250 million over five years for a program to provide operational support to electric utilities in the form of threat intelligence, enhanced monitoring tools, and other technical assistance.

Marks mentioned DOE’s 17 national labs, as well as cybersecurity research at other agencies including DHS and the National Security Agency.

“We’re really working together to identify how we can push R&D, and make sure that companies like those that are on the line are really engaged in those efforts through different funding opportunities,” she said. “Just going back to the funding that might be available under the bipartisan infrastructure law, I think that’s really going to help us invest in these types of infrastructure. And I think we’ll see some great strides there.”
