REMEDYS: Research Exploring Malware in Energy DeliverY Systems
This research will be conducted in collaboration with Pacific Northwest National Laboratory (PNNL), Oak Ridge National Laboratory (ORNL), the U.S. Department of Energy, and an extensive list of vendors, cybersecurity service providers, owners/operators, industry associations, government entities, and universities.
Numerous public and private organizations providing valuable services such as information sharing and malware analysis for the sector exist today. REMEDYS will close the existing gap by connecting and integrating the expertise and resources of the multiple and diverse relevant organizations and stakeholders in a unified effort to protect the sector and nation. Those organizations and stakeholders, within this structure, then accelerate the identification, development and availability of solutions for new malware.
To develop this solution, the Department of Energy is coordinating with two national laboratories in a research effort that will engage energy sector stakeholders to develop an effective model for REMEDYS. The end goal of this effort is for REMEDYS to provide a platform and synchronized actions across the energy sector that assist the members during a cyber event and make pertinent mitigation processes available. Ultimately, REMEDYS will gain enough traction to become self-sustaining, having demonstrated value to its participants within the life of the project.
The REMEDYS project will provide:
- An evaluation of the current state of the art for the processes of malware identification and remediation in the energy sector and the identification of potential groups or classes of contributors that will be critical to the success of the program. This may include specific organizations that are currently relevant, but will remain flexible to allow for the later inclusion of new or newly relevant organizations.
- A report of the research conducted, including methodologies used in the research and analysis, the assessment criteria, and the results of the research for each organization structure evaluated.
- A recommended optimal organization structure, including descriptions of its charter, how it will operate, its value proposition, the legal agreements that will need to be in place, and how it might be implemented in practice.
Currently, when malware is suspected or found in energy sector Operational Technology (OT) control systems, there is no single coordinating organization that can ensure a timely and comprehensive national mitigation process. Multiple organizations across the United States each have their own roles and responsibilities in validating, assessing, analyzing and developing malware mitigation processes. However, the lack of synchronized actions among the public, private, and government sectors has the potential to adversely affect our critical energy infrastructure.
Organizations targeted by new malware rely on their own expertise and relationships with others to identify and resolve issues. As an industry, this working of issues in relative isolation lengthens the time from initial discovery to the deployment of a solution. This gives an adversary an unnecessary and distinct advantage in an already tenuous battle. Reducing this window of opportunity for the adversary is crucial to the protection of the energy sector and our Nation’s security. In today’s increasingly hostile cyber landscape, we as a sector and as a nation can no longer afford to work these issues in relative isolation. The time has come to provide a mechanism that rapidly and securely engages the best and brightest from across utilities, industries and government in facilitating solutions to these threats.
The research team, composed of members from ORNL, PNNL, MIT and other supporting organizations, will design and evaluate ways to create an organization of organizations to ensure rapid deployment of mitigations. A recommended organization structure, including descriptions of its charter and how it will operate, will be designed to serve as a mechanism that makes it easier for energy sector stakeholders, including EDS operators, to respond instantly to threats and breaches that may occur in their environment.
How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This research will address the following roadmap areas:
- Build a Culture of Cyber Security
  - Since the culture is composed of the attitudes, beliefs and values of an organization, the creation of a trusted malware-mitigation organization will highlight the importance of cybersecurity in the energy sector, building a stronger culture of security within each of the stakeholders in the ecosystem, including EDS.
- Develop and Implement New Protective Measures to Reduce Risk
  - A successful organizational structure will enable scalable future relationships in the EDS ecosystem, since it is designed to reduce risk and increase the speed of deployment of mitigations.
- Sustain Security Improvements
  - The research team will hold practice case studies to learn and continuously improve security, to better guide the development of the organizational models.
REMEDYS: Research Exploring Malware in Energy DeliverY Systems (2018 Industry Workshop)