The DoE is looking to accelerate the deployment of privately-owned cybersecurity technologies into the energy industry after a cyberattack downed a pipeline communications system.
16 April the US Department of Energy (DoE) made $25 million (€20.2 million) available in funding to research, develop, and demonstrate new approaches for cybersecurity for energy infrastructure.
The announcement follows an attack earlier in April on a communication system used by pipeline operators called the EDI platform. While the platform was downed, no data was compromised and pipeline operations continued.
The Department of Homeland Security warned mid-May that the Russian government was targeting energy facilities and other crucial infrastructure.
Cybersecurity in the energy sector has been a concern for some time. In a 2012 report, the Congressional Research service emphasised the threat that this kind of attack posed: “cyber infiltration of supervisory control and data acquisition (SCADA) systems could allow successful “hackers” to disrupt pipeline service and cause spills, explosions, or fires—all from remote locations.”
The goal of the funding is to build on efforts from the private sector to safeguard critical infrastructure and prevent a cyber-related incident that could disrupt energy delivery. Eligible projects include cybersecurity for the oil and natural gas environment, cybersecure communications and cybersecure cloud-based systems for operation technology. The application deadline is 18 June 2018.
“Energy cybersecurity is a national priority that demands the next wave of advanced technologies to create more secure and resilient systems needed for America’s future prosperity, vitality, and energy independence,” said Secretary of Energy Rick Perry in a statement announcing the funding.
“The need to strengthen efforts to protect our critical energy infrastructure is why I am standing up the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). Through CESER and programs like CEDS, the Department can best pursue innovative cybersecurity solutions to the cyber threats facing our Nation.”
Applications for funding must end with a demonstration of the developed technology at an end-user site to display a path to commercial adoption. This can be done either through commercialisation or by making the product open-source.