- The North American Electric Reliability Corp. (NERC) said Monday it is expanding a key cybersecurity information sharing program to address growing threats to the industrial control and data acquisition systems that increasingly help manage the electric grid.
- NERC has partnered with the U.S. Department of Energy (DOE) on two pilots within the reliability organization's Cybersecurity Risk Information Sharing Program (CRISP) to capture data from supervisory control and data acquisition (SCADA) and industrial control systems (ICS) and use it to monitor for potential intrusions and strengthen grid security.
- Experts say the pilots represent significant advances in how CRISP collects and shares information. NERC's Electricity Information Sharing and Analysis Center (E-ISAC) is also working with the Pacific Northwest National Laboratory on a new information technology (IT) project to guard against malicious activity on utilities’ business networks.
Hackers are increasingly targeting the operational technology that helps run the electric grid. In response, security officials are adjusting existing cybersecurity programs to counter the threat.
The two pilots will attempt to identify threats to utilities’ industrial control systems by capturing "raw and/or refined operational technology data" and comparing it with IT data that utilities send to CRISP.
CRISP is a voluntary public-private data sharing and analysis platform that allows the energy sector to share IT system traffic in near-real time. The two new pilots explore ICS and SCADA solutions, "which are essential for the reliable operation of the grid, and opportunities for joint IT and OT data analysis," Frank Honkus, associate director of intelligence programs and CRISP manager at E-ISAC, said in an email.
In the first pilot, Honkus said OT sensor analytic results "will be jointly analyzed with CRISP IT data on a platform installed at the NERC data center. This is capturing refined operational technology data and comparing it to CRISP information technology data."
The second pilot is focused on the DOE-funded, National Rural Electric Cooperative Association-led Essence program, which utilizes real-time anomaly detection to identify and warn of possible network breaches. The pilot will include five utility members of NRECA, and the Essence program will be expanded to include the CRISP community, according to NERC's announcement.
"Essence also includes grid physics data as an added source for comparative analysis," Honkus explained. "This pilot attempts to identify and/or explain anomalies that may be identified in the virtual representation of the grid segment, the OT network data, and/or the CRISP IT data," to identify and cut off malicious activity.
Threats to the electric grid are growing as hackers develop more sophisticated methods to target operational and control systems that are increasingly connected to the internet and interfaced with utility IT systems. In October, the U.S. Cybersecurity and Infrastructure Security Agency warned of the potential for Chinese cyberattacks and recommended owners of critical infrastructure, including the power sector, "disable unnecessary ports, protocols, and services" to limit the threat.
Security experts say information sharing and real-time data analysis are a key to securing the electric system.
"CRISP will be able to monitor data traversing networks using information sharing devices to aid in detecting and mitigating threats," said James Evelyn, vice president of compliance solutions for Force 5, a risk management firm. "This is a big step forward in the way information is collected and shared."
NRECA announced in September that it had received DOE funding to expand Essence. The federal agency split $12 million between NRECA and the American Public Power Association to build cybersecurity tools for electric cooperatives and municipalities.
“As the final link in the chain of secure electric delivery, these community-owned companies and cooperatives rely heavily on the types of shared security resources we are aiming to provide through this initiative,” Sean Plankey, DOE's principal deputy assistant secretary for cybersecurity, energy security, and emergency response, said in a statement.