You are here

Home » Services » Cybersecurity

Energy Delivery Systems Cybersecurity

About the Cybersecurity for Energy Delivery Systems Program
A key mission of the Department of Energy's (DOE) Office of Electricity Delivery and Energy Reliability (OE) is to enhance the reliability and resilience of the nation's energy infrastructure. Energy delivery systems enable the automated control of our energy production and distribution. The cybersecurity of these systems is critical for protecting the energy infrastructure and the integral function that it serves in our lives.

OE designed the Cybersecurity for Energy Delivery Systems (CEDS) program to assist the energy sector asset owners (electric, oil, and gas) by developing cybersecurity solutions for energy delivery systems through integrated planning and a focused research and development effort. CEDS co-funds projects with industry partners to make advances in cybersecurity capabilities for energy delivery systems.

Critical Importance of Energy Delivery Systems

power line towers in a field

 

Energy delivery systems are the brains that operate and monitor our energy infrastructure. Two examples of such systems are the Supervisory Control and Data Acquisition (SCADA) and the Distributed Control Systems (DCS). Most early SCADA system designs did not anticipate the security threats posed by the integration of advances in computers and communication such as off-the-shelf software and operating systems, public telecommunication networks, and the Internet. Energy delivery systems have become more productive and efficient, but the energy sector is faced with an unprecedented challenge in protecting systems against cyber incidents and threats.

The CEDS program emphasizes collaboration among the government, industry, universities, national laboratories, and end users to advance research and development in cybersecurity that is tailored to the unique performance requirements, design and operational environment of energy delivery systems. The aim of the program is to reduce the risk of energy disruptions due to cyber incidents as well as survive an intentional cyber assault with no loss of critical function.  This program has resulted in increased security of energy delivery systems around the country.

CEDS program activities fall under five project areas, guided by the “Roadmap to Achieve Energy Delivery Systems Cybersecurity.” They are:

  • Build a Culture of Security. Through extensive training, education, and communication,  cybersecurity “best practices” are encouraged to be reflexive and expected among all stakeholders.
  • Assess and Monitor Risk.  Develop tools to assist stakeholders in assessing their security posture to enable them to accelerate their ability to mitigate potential risks.
  • Develop and Implement New Protective Measures to Reduce Risk. Through rigorous research, development, and testing, system vulnerabilities are revealed and mitigation options are identified which has led to hardened control systems. 
  • Manage Incidents. Facilitate tools for stakeholders to improve cyber intrusion detection, remediation, recovery, and restoration capabilities.
  • Sustain Security Improvements. Through active partnerships, stakeholders are engaged and collaborative efforts and critical security information sharing is occurring. 

DOE is helping to address the critical security challenges of energy delivery systems through a focused R&D effort and integrated planning.

R&D: National SCADA Test Bed

Securing energy delivery systems is essential for protecting energy infrastructure. The National Research Council identified "protecting energy distribution services by improving the security of SCADA systems" as one of the 14 most important technical initiatives for making the Nation safer across all critical infrastructures. In addition, the National Strategy to Secure Cyberspace (2003) (PDF 980 KB) states that "securing DCS/SCADA is a national priority".

The National SCADA Test Bed provides testing environments to help industry and government identify and correct vulnerabilities in SCADA equipment and control systems within the energy sector.

More about the National SCADA Test Bed >

Planning: Roadmap to Achieve Energy Delivery Systems Cybersecurity - 2011

Asset owners and operators, government agencies, and other stakeholders are pursuing various strategies to improve control systems security. To provide a unifying framework, DOE has partnered with industry and developed a 2011 Roadmap to Achieve Energy Delivery Systems Cybersecurity.

The Roadmap identifies the critical needs and priorities and provides a path for improving the security, reliability, and functionality of control systems in the energy sector. DOE coordinated this roadmap development with DHS and relied on the energy sector to guide the process and ensure that the priorities reflect the needs of the electric, oil, and gas companies.

To enhance the Roadmap's effectiveness, CEDS created the interactive energy Roadmap (ieRoadmap), an online database where industry can map its R&D efforts for achieving Roadmap goals, evaluate its progress, and discover collaborative opportunities for future projects..