A Cybersecurity Threat Detection and Reporting Initiative
Overview
As cyber threats continue to evolve, it is critical to be able to effectively detect and report system data anomalies. These deviations are key indicators that there is potential malicious activity. To assist rural electric cooperatives in gaining this capability, NRECA has been awarded funding from the U.S. Department of Energy (DOE) for the deployment of technologies that protect, defend or harden Operational Technology (OT) subjected to external threat exposure due to the convergence of Information Technology (IT) and Operational Technology (OT) systems.
Program Approach
NRECA will work with DOE (NETL and CESER's CEDS R&D office) under a cooperative agreement to deploy cyber and cyber-physical solutions for rural electric cooperatives.
While remaining technology neutral, DOE will encourage the deployment of technologies to monitor electric utilities' industrial control systems and detect anomalies. This program will enable a partnership with NRECA member rural electric cooperatives and technology vendors to deploy technologies and systems that will provide cyber visibility, detection, and response capabilities for industrial control systems (ICS) of electric utilities. Data volunteered by participants will be collected, analyzed, and shared with the U.S. Government, in order to gain insights into the nature of cyber threats to individual cooperatives and the broader electricity grid. Results from the program will be shared with NRECA members to advance our collective understanding and help define how we can work together to continue to advance the cybersecurity posture of our co-op network.
Benefits of this Program
This critical DOE initiative will modernize cybersecurity defenses in multiple ways including:
- Encourages owners and operators to implement measures or technology that enhance their detection, mitigation, and forensic capabilities,
- Includes concrete milestones for owners and operators to identify and deploy technologies and systems that enable near real time situational awareness and response capabilities in critical ICS and operational technology (OT) networks,
- Reinforces and enhances the cybersecurity posture of critical infrastructure information technology (IT) networks, enhancing people and process in OT and IT, enabling future technology deployments; and
- Includes a voluntary industry effort to deploy technologies and share data with a central threat center and USG to increase visibility of threats in ICS and OT systems.
