Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security

Orome1 shares a report from Help Net Security: Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE's National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. The electricity system must continue to evolve to address a variety of challenges and opportunities such as severe weather and the cyber threat, a changing mix of types of electric generation, the ability for consumers to participate in electricity markets, the growth of the Internet of Things, and the aging of the electricity infrastructure. The seven Resilient Distribution Systems projects awarded through DOE's Grid Modernization Laboratory Consortium (GMLC) will develop and validate innovative approaches to enhance the resilience of distribution systems -- including microgrids -- with high penetration of clean distributed energy resources (DER) and emerging grid technologies at regional scale. The project results are expected to deliver credible information on technical and economic viability of the solutions. The projects will also demonstrate viability to key stakeholders who are ultimately responsible for approving and investing in grid modernization activities. In addition, the Department of Energy "is also announcing 20 cybersecurity projects that will enhance the reliability and resilience of the Nation's electric grid and oil and natural gas infrastructure through innovative, scalable, and cost-effective research and development of cybersecurity solutions."

Re:I'll take 10 million

[Bob+the+Super+Hamste]

I see someone has no idea of what they are talking about in this regard. Here is the current standard that grid operators have to comply with. Also here is what is currently being asked of suppliers by the grid operators when getting a new system. Add in that the systems be benchmarked against these or these is also becoming written into the contracts now. I would assume that operators in the oil and gas industry either have similar things or are at least smart enough to re-purpose the above as the effort to do so would be minimal. A lot of the security efforts for securing the grid are not to protect it from the general internet, they are already separated and if not the company fucked up really bad and if NERC finds out the company will be paying some huge fines so let NERC know. Instead the security is to protect the control system from stupid users who find a USB rubber ducky in the parking lot, connects their corporate laptop to the control network, someone doing malicious things out at some remote substation that then gets into the main control system, or malicious insider. The people going after the grid are professionals and more often than not state actors not little Timmy from down the street who just found out about Low Orbit Ion Cannon or Armitage.