Securing Energy Infrastructure Executive Task Force

Securing Energy Infrastructure Executive Task Force

Partnering with energy sector entities to identify and defend critical control systems

The Securing Energy Infrastructure Executive Task Force (SEI ETF) is a voluntary group of senior leaders representing energy sector asset owners and operators, vendors/manufacturers, standards organizations, research and academic institutions, National Laboratories, and government agencies. The U.S. Department of Energy formed the SEI ETF as directed by Section 5726 of the National Defense Authorization Act for Fiscal Year 2020 (NDAA 2020).

The SEI ETF formed a series of advisory groups and technical project teams to pursue several taskings mandated by the statute, including evaluating technology and standards for industrial control systems (ICS), identifying categories of ICS vulnerabilities, and developing a National Cyber-Informed Engineering Strategy. Published deliverables are highlighted here. Several deliverables may be in draft form as the SEI ETF concludes its work and examines opportunities to continue moving these work products forward with the energy industry.

NADA 2020 5726: Securing Energy Infrastructure

Capabilities to Identify Cyber Attack Techniques within Operational Technology (OT) Environments

Given the abundance of industrial control systems (ICS) cybersecurity standards today, it can be challenging for users to determine which are the best fit for their organization. The SEI ETF developed an interactive matrix that contains over 75 standards in a searchable and sortable format to help organizations apprehend the body of standards, how they interrelate, and how they apply.
Standard Matrix

Reference Architecture for Electric Energy OT

The Reference Architecture for Electric Energy OT was developed to address gaps in existing architecture models, and provides a baseline from which domain-specific profiles can be derived.  The SEI ETF further developed profiles for four domain-specific applications, including substation, generation, distributed energy resources, and operation/network control center.

SEI ETF members are now working with the International Society of Automation (ISA) to include the profiles in the ISA/International Electrotechnical Commission (IEC) 62443 series of standards.

View the Reference Architecture and Profiles
View the Reference Architecture and White Paper
Reference Architecture

Categories of Security Vulnerabilities in ICS

The SEI ETF has identified 20 categories of security vulnerabilities in industrial control systems (ICS). These 20 categories are distinct from those already documented in information technology (IT), go beyond vulnerabilities arising from the implementation of ICS systems, and include those arising from design, architectural, operational, and human factors.

The MITRE Corporation is launching an ICS/OT Special Interest Group (SIG) in May 2022 to explore the inclusion of these categories in MITRE’s Common Weakness Enumeration (CWE) database. Email cwe@mitre.org to join and see the ICS-OT SIG Overview for more details.

View the Category Descriptions

A National Cyber-Informed Engineering Initiative

Cyber-Informed Engineering logo

CIE is an holistic approach to integrate cybersecurity considerations into the conception, design, build, and operation of any physical system that has digital connectivity, monitoring, or control. Pursuant to Congressional direction, the SEI ETF developed the National CIE Strategy, building on foundational work developed at Idaho National Laboratory.

DOE released the National CIE Strategy in June 2022.

Read More

Sponsor

Department of Energy

Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s national security mission. CESER’s focus is preparedness and response activities to natural and man-made threats, while ensuring a stronger, more prosperous, and secure future for the nation.

Participating Laboratory

Idaho National Laboratory

Idaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity workforce training and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity education. INL uses a comprehensive approach to developing ICS cybersecurity training programs that can be tailored to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.

For More Information:
Contact Us
US Department of Energy