The US Department of Energy (DOE) has awarded $34m in funding (subject to appropriations) for twelve projects representing energy sector organizations in nine states through the Office of Electricity Delivery and Energy Reliability’s Cybersecurity of Energy Delivery Systems (CEDS) program.

According to DOE, the projects will be given out to both university researchers and commercial companies, and will cover basic issues related to detecting and stopping cyber-attacks on the smart grid.

“The twelve projects will enhance the reliability and resilience of the nation’s energy critical infrastructure through innovative, scalable, and cost-effective research, development and demonstration of cybersecurity solutions.”

There are five topic areas for projects:

  • Detect Adversarial Manipulation of Energy Delivery Systems Components – The focus is the ability to detect and respond to cyber attacks designed to avoid detection by exploiting routine operations normally performed by energy delivery systems.
  •  Secure Integration of Renewable Energy and Energy Efficiency Resources – The focus is on making the integration of renewables onto the power grid at the generation, transmission and/or distribution levels more secure from cyber attacks. This may include the nexus of building control systems or plug-in hybrid vehicles with the power grid.
  •  Continual and Autonomous Reduction of Cyber Attack Surface for Energy Delivery Control Systems – The focus is on reducing exposures of energy delivery systems to cyber attacks, thereby making the systems more secure.
  •  Supply Chain Cybersecurity for Energy Delivery Systems – The focus is on detecting hostile hardware, firmware (combination of hardware and software), and/or software introduced at some point during the manufacture of energy delivery systems.
  • Innovative Technologies That Enhance Cybersecurity in the Energy Sector – The focus will be on identifying gaps in the Roadmap to Achieve Energy Delivery Systems Cybersecurity and proposing innovative technical solutions to the identified risk.

Intel will develop a security architecture solution to securely connect energy infrastructure devices to the cloud to allow the devices to interact with each other. GE will develop and demonstrate an automatic cyberattack anomaly detection and accommodation (ADA) system for power plants that will detect and respond to cyber-disruptions caused by cyber-attacks, and attacks against the cyber-physical interface. Universities and other companies will work on the remaining projects.