Energy Sector Roadmap
From SCADApedia
The Roadmap to Secure Control Systems in the Energy Sector is a US Department of Energy-led effort to define a ten-year plan for improving cyber security in the electricity, oil and natural gas sectors.
Vision
The Roadmap, published in January 2006, stated the following vision for energy sector control systems:
"In 10 years, control systems for critical applications will be designed, installed, operated, and maintained to survive an intentional cyber assault with no loss of critical function."
Four Goals
The Roadmap lists four goals to improve cyber security in the energy sectors in the next ten years.
- Measure and Assess Security Posture - In the early years this involves performing self assessments and using developed metrics and benchmarks consistently across the sectors. In year ten asset owners should have real-time cyber security monitoring and appropriate responses to detected incidents.
- Develop and Integrate Protective Measures - In the early years this involves training, implementing best practices and securing communication that crosses security perimeters. In year ten security should be integrated into control system applications and devices.
- Detect Intrusion and Implement Response Strategies - In the early years this involves incident reporting guidelines and structures with some sector wide remediation. In year ten this involves automated notification and automated responses to connected control systems in the energy sectors.
- Sustain Security Improvements - In the early years this involves coordinating government and industry information sharing and other efforts such as business case development, awareness and training. In year ten these issues are resolved.
Milestones for each of these goals are presented over time: 0-2 years, 2-5 years, 5-10 years and at year 10. This is concisely captured in Exhibit E.1 on page 3.
Projects that are helping meet the milestones are documented in the Interactive Energy Roadmap.
Additional Information
While most of the information and action plan is captured in the first three pages, there is additional background and goal/milestone information in the 58-page document.
- Section 2 provides an overview of the increased risks to control systems, limited threat information and control system security efforts under way in government programs and standards groups.
- Section 3 describes the four goals and milestones in more detail.
- Section 4 describes how the ten-year and interim goals and milestones will be met, including how efforts will be coordinated and supplemented where gaps exist.
- Appendix A summarizes the results from the July 2005 workshop and includes sections on Identifying Strategic Risks, Legacy Systems, Security Tools and Practices, and Control Systems Architecture.
Participants and Process
The Roadmap project was sponsored by the U.S. Department of Energy's (DoE) Office of Electricity Delivery and Electric Reliability in collaboration with the Science and Technology Directorate in DHS and the Energy Infrastructure Protection Division of Natural Resources Canada. The project was led by Hank Kenchington (DoE) and a seventeen-person steering group with participants from government, national labs, industry organizations and energy sector asset owners.
Another forty individuals participated in a Roadmap Workshop in July 2005. A draft was circulated within the community, and the final version was published in January 2006.
Roadmap Progress
A Roadmap workshop is being held May 28-29, 2008 in Chicago to assess how current research projects and other efforts are contributing to meeting the Roadmap's goals and timelines.
