DOE-CESER_WHITE

The Securing Energy Infrastructure Executive Task Force (SEI ETF) is a voluntary group of senior leaders representing energy sector asset owners and operators, vendors/manufacturers, standards organizations, research and academic institutions, National Laboratories, and government agencies. The U.S. Department of Energy formed the SEI ETF as directed by Section 5726 of the National Defense Authorization Act for Fiscal Year 2020 (NDAA 2020).

The SEI ETF formed a series of advisory groups and technical project teams to pursue several taskings mandated by the statute, including evaluating technology and standards for industrial control systems (ICS), identifying categories of ICS vulnerabilities, and developing a National Cyber-Informed Engineering Strategy. Published deliverables are highlighted here. Several deliverables may be in draft form as the SEI ETF concludes its work and examines opportunities to continue moving these work products forward with the energy industry.

security energy infrastructure etf structure graphic

Matrix of Industrial Control Systems Standards

Matrix of StandardsGiven the abundance of industrial control systems (ICS) cybersecurity standards today, it can be challenging for users to determine which are the best fit for their organization. The SEI ETF developed an interactive matrix that contains over 75 standards in a searchable and sortable format to help organizations apprehend the body of standards, how they interrelate, and how they apply.

energy industrial control systmes standards

Reference Architecture for Electric Energy OT

Reference Architecture

The Reference Architecture for Electric Energy OT was developed to address gaps in existing architecture models, and provides a baseline from which domain-specific profiles can be derived.  The SEI ETF further developed profiles for four domain-specific applications, including substation, generation, distributed energy resources, and operation/network control center.

SEI ETF members are now working with the International Society of Automation (ISA) to include the profiles in the ISA/International Electrotechnical Commission (IEC) 62443 series of standards.

energy ICS reference architecture profiles

View the Reference Architecture and Profiles

Categories of Security Vulnerabilities in ICS

New Categories of Security Vulnerabilities

The SEI ETF has identified 20 categories of security vulnerabilities in industrial control systems (ICS). These 20 categories are distinct from those already documented in information technology (IT), go beyond vulnerabilities arising from the implementation of ICS systems, and include those arising from design, architectural, operational, and human factors.

The MITRE Corporation is launching an ICS/OT Special Interest Group (SIG) in May 2022 to explore the inclusion of these categories in MITRE’s Common Weakness Enumeration (CWE) database. Email cwe@mitre.org to join and see the ICS-OT SIG Overview for more details.

A National Cyber-Informed Engineering Initiative

cyber informed engineering logo

The Department of Energy (DOE) and INL have developed a framework to guide the application of cybersecurity principles across the engineering design lifecycle. The Cyber-Informed Engineering (CIE) framework and body of knowledge drives the inclusion of cybersecurity as a foundational element of risk management for engineering of functions aided by digital technology. Cyber-Informed Engineering provides a framework for a change in philosophy and engineering practices to proactively secure existing digital infrastructure and build new systems designed to withstand the modern and future cyber-adversary.

For More Information

Cyber-informed Engineering (CIE) Program Team

Cyber-Informed Engineering (CIE)

 

Email: cie@inl.gov

INL Media Contact

Ethan Huffman

Phone: 208-526-5015

Email: ethan.huffman@inl.gov

Sponsor

DOE logoThe Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s national security mission. CESER’s focus is preparedness and response activities to natural and man-made threats, while ensuring a stronger, more prosperous, and secure future for the nation.

 

Participating Laboratory

inlIdaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity research and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity testing. INL uses a comprehensive approach to developing ICS cybersecurity research to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.