" Responding to intrusions: Demonstrate technology or techniques needed to perform a comprehensive analysis of the root cause, extent, and consequence of an ongoing cyber intrusion in an energy delivery system. A comprehensive analysis often requires all cyber assets to be evaluated for possible compromise, and cyber assets to be taken offline during this process. However, energy delivery control systems are comprised of complex network architectures that may contain hundreds of specialized cyber components and may extend across wide geographic regions. This picture is becoming increasingly complex as the energy sector brings in technologies such as mobile and cloud computing, plug-in-hybrid vehicles and millions of smart meters. Also, reliable and safe energy delivery requires that energy delivery control system components remain available at all times to sustain critical functions. The technology or technique must be scalable to accommodate energy delivery system architectures of various size and configuration, must not impede critical energy delivery functions and must be demonstrated at an end-user site to validate a clear industry acceptance.
" Detecting problems: Develop technology or techniques to detect the presence of undesired activity inserted upstream in the supply-chain that could compromise the integrity of energy delivery system components. The research can consider one or more of hardware, firmware or software, including third party. The technologies and techniques will be used by the vendor during component development, and may include the capability for continuous detection during operation at the energy asset end-user installation. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
" Secure remote access: Build technology to provide secure remote access capability, such as but not limited to cryptographic key management offerings. Secure remote access to field devices is necessary to perform timely maintenance, retrieve data and update firmware. Legacy field devices that typically have limited bandwidth and computational resources, reside in the same architecture with modern devices that are equipped with more advanced communication and computational capabilities and that may number in the millions, such as smart meters. The technology must be scalable to energy delivery system architectures of various size and configuration; interoperate across diverse communications media and protocols in the energy sector, including legacy as well as current day devices; accommodate legacy device bandwidth and computational constraints; and not impede critical energy delivery functions.
" Responding to threats: Develop technology to detect and respond, as appropriate, to adversarial cyber activity that seeks to evade detection by exploiting expected and allowed operation of power grid components. For example, malicious manipulation of energy sector communications may use an expected protocol and request an action that the recipient local power grid devices were designed to perform but that action may be undesired in the larger operational context of the bulk power grid. This technology should not impede critical energy delivery functions.