Maximum Phase I Award Amount: $200,000 Maximum Phase II Award Amount: $1,100,000 Accepting SBIR Phase I Applications: YES Accepting STTR Phase I Applications: NO Research in cybersecurity for energy delivery systems is focused on enhancement of operational technology (OT) that aids power systems to adapt and survive from a cyberattack and continue safe operations. This OT is the computers and networks that manage, monitor, protect, and control operations of energy delivery systems. This research topic requests proposals to develop proof of concept for unique and innovative features to existing tools and technologies or unique and innovative techniques and methodologies that address a need for the cyber security for the energy sector. Selected proposals must include a scope of work that will lead up to, but will not include, the development of a demonstration prototype. All applications to subtopics under this topic must: Propose a tightly structured project which includes technical and business milestones that demonstrate clear progress, are aggressive but achievable, and are quantitative; For any solution intended for onsite installation; fully justify the compatibility with the electro-magnetic and environmental conditions of the intended site; Clearly describe the commercialization potential of the federally-funded effort and provide a detailed path to scale up in potential transition to industry practice. Fully justify the future potential for demonstration with an asset owner/operator who is an intended user. All applications to subtopics under this topic should: Clearly define the merit of the proposed innovation compared to competing approaches and the anticipated outcome. Be consistent with and have performance metrics (whenever possible) linked to published, authoritative analyses in your technology space. Include quantitative projections for price and/or performance improvement that are tied to representative values included in authoritative publications or in comparison to existing products. Fully justify all performance claims with thoughtful theoretical predictions and/or experimental data. Grant applications are sought in the following subtopics: a. Cybersecurity during Contingency Operations This subtopic area is for the development of tools and technologies that ensure secure access to energy delivery systems OT during contingency operations. Maintaining control and system/network visibility is paramount during restoration efforts, particularly those involving black start techniques and compressor operations in natural gas transmission and distribution. This capability must be timely and secure to prevent any interruption in operations where possible, and to facilitate restoration in the event of outage. This tool must also not hinder the work that must be done to transition from contingency to normal operations of the energy delivery system and should be flexible and quickly deployable. To the extent possible its communications footprint should be light enough to function in situations where normal utility communications paths are disrupted. Questions Contact: Walter Yamben, Walter.Yamben@netl.doe.gov b. Cybersecurity in Supply Chain and Acquisition This subtopic is for the development of tools, techniques, and/or methodologies to ensure that concerns for cybersecurity are included in the process of equipment and software acquisition within the energy sector. This proposed solution can include but is not limited to addressing interaction of software and firmware with legacy equipment; addressing interaction of new or updated OT equipment with existing operations; sourcing of Industrial Control System (ICS) equipment subcomponents; and addressing management of a software bill of materials. Questions Contact: Walter Yamben, Walter.Yamben@netl.doe.gov c. Enhancing Organizational Cybersecurity Awareness This subtopic is for the development of tools, techniques, and/or methodologies to enhance the operational base for organizational cybersecurity awareness. Proposed solutions can include but are not limited to innovative approaches to enhance awareness of energy sector OT equipment and networking, and distribution; methodologies to include considerations for multiple entities and varying configurations of OT infrastructure in the development of organizational tabletop exercises; addressing organizational awareness of cybersecurity hygiene for OT equipment and networking. Questions Contact: Walter Yamben, Walter.Yamben@netl.doe.gov References: 1. United States White House. Executive Order on Securing the United States Bulk-Power System Infrastructure & Technology, United States White House, May 01, 2020, https://www.whitehouse.gov/presidential-actions/executive-order-securing-united-states-bulk-power-system/ 2. American Petroleum Institute. State of Operational Technology Cybersecurity in the Oil and Natural Gas Industry. American Petroleum Institute. p. 82. 2014, www.api.org/~/media/Files/Policy/Cybersecurity/Operational-Technologies-Guidance-Doc-Apr14.pdf (It is recommended to access this link through a Chrome browser.) 3. Locasto, M., Balenson, D. A Comparative Analysis Approach for Deriving Failure Scenarios in the Natural Gas Distribution Infrastructure . International Conference on Critical Infrastructure Protection, November 19, 2019, https://link.springer.com/chapter/10.1007/978-3-030-34647-8_2 4. National Telecommunications and Information Administration. NTIA Software Component Transparency. U.S. Department of Commerce, NTIA, 2020, https://www.ntia.doc.gov/SoftwareTransparency 5. Proctor, D. The Energy-Sector Threat: How to Address Cybersecurity Vulnerabilities. Power Magazine, September 03, 2020, https://www.powermag.com/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities/ 6. The Smart Grid Interoperability Panel Smart Grid Cybersecurity Committee. Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements, Guidelines for Smart Grid Cyber Security. , Vol. 1-2, NISTIR 7628, p. 668. National Institute of Standards and Technology. 2014, https://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf 7. IEEE. C37.240-2014 - IEEE Standard Cybersecurity Requirements for Substation Automation, Protection, and Control Systems. IEEE Standards Association, 2015. https://standards.ieee.org/standard/C37_240-2014.html 8. National Energy Reliability Corporation. Reference Document Risks and Mitigations for Losing EMS Functions. National Energy Reliability Corporation, 2017, https://www.nerc.com/comm/OC/ReferenceDocumentsDL/Risks_and_Mitigations_for_Losing_EMS_Functions_Reference_Document_20171212.pdf 9. North American Transmission Forum. Bulk Electric Systems Operations Absent Energy Management System and Supervisory Control and Data Acquisition Capabilities a Spare Tire Approach. North American Transmission Forum, 2017, http://www.natf.net/docs/natf/documents/resources/resiliency/natf-bes-operations-absent-ems-and-scada-capabilities---a-spare-tire-approach.pdf
