Tackling public-private cooperation: a look at the US Department for Energy
The US energy sector is almost wholly privately-owned, with over 8,000 power plants spread across the country. But in a decentralised market such as this, how is it kept secure?
Well, the Department for Energy sets regulations and policy for the entire sector, and has 93,000 employees and an annual budget of almost $28bn. They maintain 17 world-class laboratories undertaking pioneering research into some of the biggest questions of our time – from how to combat climate change to how our planet came into existence.
The CIO of the Energy Department, Max Everett, explained that the labs do a mixture of pure research and more tech-transfer focused initiatives: “We are moving into a world of ubiquitous sensors. We are moving into a world where virtually everything has some type of general-purpose computing ability in it. All of our labs in different ways have a deep expertise in operational technology. [Our labs] are really building the models for managing and securing that next generation of technology. Part of our goal is to make sure we bring in the private sector to better understand the capabilities the labs are developing.”
One of the biggest challenges the DoE faces is that the vast majority of the energy infrastructure is privately owned. This means that although the DoE may be tasked with ensuring the security of the energy supply, the ultimate responsibility lies with private owner-operators spread across the country, with security budgets, awareness and teams of all shapes and sizes.
Jennifer Silk, Senior Advisor to the Secretary for Cybersecurity, went into more detail about how cross-industry partnerships work: “We have a very collaborative research and development project set up here, where industry partners, universities and our labs all partner together on projects to bring their perspectives and make sure the projects they are working on fill the gaps and priorities that the ultimate owners need.” She also pulled the curtain back on a couple of exciting projects:
- A project based at the Savannah River National Laboratory uses low-orbit satellites and random number streams to validate a user’s position to limit access to networks and data. Once released, this has the potential to radically change the way cyber attacks in remote locations are prevented.
- Perhaps the best-known security tool to graduate from the DoE labs is BRO, a powerful network analysis framework targeted at high-performance networks that doesn’t rely on traditional signatures. It’s currently in use in many supercomputing centres around the world, as well as employed in intrusion detection in more traditional high-uptime environments including infrastructure.
The model that DoE have set up is a highly successful cross-industry one, pulling together ultimate end-users – in the form of infrastructure owner-operators – and cutting-edge research from academia, and influential policymakers in government. The ability to band together in a decentralised, unregulated private marketplace (like the US energy sector) can only be a good thing in the face of increasing cyber threats over 2018 and beyond. But how might this be done?
To answer those questions and more, Jennifer Silk will be giving an exclusive keynote and Q&A at this year’s Cyber Security for Critical Assets Summit in Houston, Texas – March 6-8 2018.
Read more below or visit the website here: www.cs4ca.com/usa
New for 2018, the 6th Annual Cyber Security for Critical Assets Summit (USA) boasts two dedicated streams for IT and OT, allowing delegates to hone in on their specialist areas of interest, as well as plenary sessions addressing the common issues that bind both groups of professionals. Each stream is curated by a group of industry-leading experts to be as relevant, as cutting-edge and as in-depth as possible over two days.
Expect to be challenged, learn new techniques from some of the world’s top cyber security innovators and network with your peers at the USA’s leading critical infrastructure security event. You’ll hear exclusive keynotes from leading industry execs, you’ll get the chance to take part in interactive panel debates to benchmark your approach with others, you’ll get in-depth case studies relevant to your sector with tangible, actionable insights and you’ll get platform presentations showcasing the best of tomorrow’s technology.