The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks. The 12 projects are still waiting congressional approval. If given the green light, they will proceed across nine states through the Energy Reliability’s Cybersecurity of Energy Delivery Systems (CEDS) program. As the DOE explains in its Award Selections for the Development of Next Generation Cybersecurity Technologies and Tools fact sheet (PDF):
"The twelve projects will enhance the reliability and resilience of the nation’s energy critical infrastructure through innovative, scalable, and cost-effective research, development and demonstration of cybersecurity solutions. These technologies are expected to have broad applicability to the U.S. energy delivery sector by meeting the needs of the energy sector in a cost-effective manner with a clear path for acceptance by asset owners and operators and through commercialization by solution providers."
Each project falls under one of five key focus areas:
-
Detection and response to digital attacks.Image
- Enhancing the security of renewable energy resources integrated into the power grid.
- Reducing the exposures of energy delivery systems to targeted attacks.
- Improving detection capabilities across the energy sector's supply chain.
- Proposing innovative solutions to help strengthen the power grid's security.
The DOE has slated various universities and private companies to take on its projects. For example, it's contracted with General Electric to develop an "automatic cyberattack anomaly detection and accommodation (ADA) system" to enhance power plant security in Niskayuna, NY. It's also brought on Intel for a project based in Fairfax, VA:
"Intel will develop a security architecture solution to securely connect energy infrastructure devices to the cloud to allow the devices to interact with each other. Intel will demonstrate that the cyber-attack surface of energy delivery control systems can be continuously and autonomously reduced in a way that does not impede normal critical energy delivery functions."
News of this program is no doubt in part motivated by the December 2015 malware attack against the Ukrainian power grid. By getting ahead of the ball and investing in solutions now, the DOE hopes to avoid similar attacks in the United States. What do you think about these initiatives? Is the DOE focusing on everything that it should be? Is anything missing? Let us know in the comments!
