The Cyber Resilient Energy Delivery Consortium (CREDC) performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS) that focuses on the cybersecurity of EDS. CREDC addresses the cybersecurity of power grids and oil & gas refinery and pipeline operations, which has been the subject of legislation, standards, and executive actions. There is growing awareness that the industry must move to ensure that EDS sustain critical functions in the presence of disruptive events arising from cyberattacks and misconfigurations, and to rapidly recover from disruptions to full functionality. CREDC conducts a number of research activities that address multiple Roadmap elements at a variety of Technology Readiness Levels. The central project goal is to create a research and development ecosystem where research results lead directly to development of applications and methodologies which are then validated in realistic contexts.
CREDC is funded by the U.S. Department of Energy and the U.S. Department of Homeland Security. Consortium partners include: University of Illinois at Urbana-Champaign, Argonne National Laboratory, Arizona State University, Dartmouth College, the Massachusetts Institute of Technology, Old Dominion University, Oregon State University, the Pacific Northwest National Laboratory, Rutgers University, Tennessee State University, the University of Houston, and Washington State University.
“By 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.” – Energy Sector Control Systems Working Group Industry Roadmap, 2011
Cyber networks provide the framework for many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling the flow of oil or gas in a pipeline. However, they are also vulnerable to disturbances. According to the ICS-CERT “Monitor” newsletter, a publication of the Department of Homeland Security, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector.
The Cyber Resilient Energy Delivery Consortium (CREDC) works to make these systems more secure and resilient. In the cyber world, “security” refers to the ability to keep data confidential and uncorrupted, while “resiliency” is the ability to withstand attacks, provide an acceptable level of service in the midst of an incident, and recover quickly following an attack.
By involving industry early and often – from helping us to identify critical sector needs to performing pilot deployment and technology adoption – CREDC will develop projects that have significant and measurable sector impact. Our goal is to create a pipeline through which foundational research will lead to applied research and development, which in turn will result in technology that is effective and affordable and can be implemented quickly in the field.
Legacy & Leading the Way
CREDC is a successor to two earlier research initiatives focused on EDS resilience, particularly in the area of electric power:
- Trustworthy Cyber Infrastructure for the Power Grid (TCIP) project, a $7.5 million initiative funded in 2005 by the National Science Foundation with support from the Department of Energy and Department of Homeland Security;
- Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) project, an $18.4 million initiative launched in 2009 by the DoE’s Office of Electricity Delivery and Energy Reliability with support from the DHS’s Science and Technology Directorate’s Cyber Security Division.
Back in 2005, the electricity sector was largely “security-unaware.” Thanks in part to those earlier efforts, there has since been widespread adoption of security best practices and technology. However, because the landscape continuously evolves, resiliency in a dynamic environment is key. With a broader research scope that includes the oil & gas industry and with support and funding provided by the U.S. Department of Energy, CREDC continues to lead the way.
Funding support for CREDC is provided by:
- Department of Energy Office of Electricity Delivery & Energy Reliability
- Department of Homeland Security Science & Technology Directorate
- Energy Industry Sponsorships
Funding Acknowlegment and Disclaimer
This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780.
This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.