Secure Energy: Securing Energy Infrastructure Executive Task Force

Partnering with energy sector entities to identify and defend critical control systems

The Securing Energy Infrastructure Executive Task Force (SEI ETF) is a voluntary group of senior leaders representing energy sector asset owners and operators, vendors/manufacturers, standards organizations, research and academic institutions, National Laboratories, and government agencies. The U.S. Department of Energy formed the SEI ETF as directed by Section 5726 of the National Defense Authorization Act for Fiscal Year 2020 (NDAA 2020).

The SEI ETF formed a series of advisory groups and technical project teams to pursue several taskings mandated by the statute, including evaluating technology and standards for industrial control systems (ICS), identifying categories of ICS vulnerabilities, and developing a National Cyber-Informed Engineering Strategy. Published deliverables are highlighted here. Several deliverables may be in draft form as the SEI ETF concludes its work and examines opportunities to continue moving these work products forward with the energy industry.

Capabilities to Identify Cyber Attack Techniques within Operational Technology (OT) Environments

Given the abundance of industrial control systems (ICS) cybersecurity standards today, it can be challenging for users to determine which are the best fit for their organization. The SEI ETF developed an interactive matrix that contains over 75 standards in a searchable and sortable format to help organizations apprehend the body of standards, how they interrelate, and how they apply.

Reference Architecture for Electric Energy OT

The Reference Architecture for Electric Energy OT was developed to address gaps in existing architecture models, and provides a baseline from which domain-specific profiles can be derived.  The SEI ETF further developed profiles for four domain-specific applications, including substation, generation, distributed energy resources, and operation/network control center.

SEI ETF members are now working with the International Society of Automation (ISA) to include the profiles in the ISA/International Electrotechnical Commission (IEC) 62443 series of standards.

View the Reference Architecture and Profiles
View the Reference Architecture and White Paper

Capabilities to Identify Cyber Attack Techniques within Operational Technology (OT) Environments

The SEI ETF has identified 20 categories of security vulnerabilities in industrial control systems (ICS). These 20 categories are distinct from those already documented in information technology (IT), go beyond vulnerabilities arising from the implementation of ICS systems, and include those arising from design, architectural, operational, and human factors.

The MITRE Corporation is launching an ICS/OT Special Interest Group (SIG) in May 2022 to explore the inclusion of these categories in MITRE’s Common Weakness Enumeration (CWE) database. Email [email protected] to join and see the ICS-OT SIG Overview for more details.

View the Category Descriptions

A National Cyber-Informed Engineering Initiative

CIE is an holistic approach to integrate cybersecurity considerations into the conception, design, build, and operation of any physical system that has digital connectivity, monitoring, or control. Pursuant to Congressional direction, the SEI ETF developed the National CIE Strategy, building on foundational work developed at Idaho National Laboratory.

DOE released the National CIE Strategy in June 2022.

Read More