Maximum Phase I Award Amount: $200,000
Maximum Phase II Award Amount:
$1,100,000
Accepting SBIR Phase I
Applications: YES
Accepting STTR Phase I Applications:
NO
Research in cybersecurity for energy delivery systems is
focused on enhancement of operational technology (OT) that aids power systems
to adapt and survive from a cyberattack and continue safe operations. This OT
is the computers and networks that manage, monitor, protect, and control
operations of energy delivery systems. This research topic requests proposals
to develop proof of concept for unique and innovative features to existing
tools and technologies or unique and innovative techniques and methodologies
that address a need for the cyber security for the energy sector. Selected
proposals must include a scope of work that will lead up to, but will not
include, the development of a demonstration prototype.
All applications to subtopics under this topic must:
Propose a tightly structured project which includes technical and
business milestones that demonstrate clear progress, are aggressive but
achievable, and are quantitative;
For any solution intended for onsite installation; fully justify
the compatibility with the electro-magnetic and environmental conditions of the
intended site;
Clearly describe the commercialization potential of the
federally-funded effort and provide a detailed path to scale up in potential
transition to industry practice.
Fully justify the future potential for demonstration with an
asset owner/operator who is an intended user.
All applications to subtopics under this topic should:
Clearly define the merit of the proposed innovation compared to
competing approaches and the anticipated outcome.
Be consistent with and have performance metrics (whenever
possible) linked to published, authoritative analyses in your technology space.
Include quantitative projections for price and/or performance
improvement that are tied to representative values included in authoritative
publications or in comparison to existing products.
Fully justify all performance claims with thoughtful theoretical
predictions and/or experimental data.
Grant applications are sought in the following subtopics:
a.
Cybersecurity during Contingency Operations
This subtopic area is for the
development of tools and technologies that ensure secure access to energy
delivery systems OT during contingency operations. Maintaining control
and system/network visibility is paramount during restoration efforts,
particularly those involving black start techniques and compressor operations
in natural gas transmission and distribution. This capability must be
timely and secure to prevent any interruption in operations where possible, and
to facilitate restoration in the event of outage. This tool must also not
hinder the work that must be done to transition from contingency to normal
operations of the energy delivery system and should be flexible and quickly
deployable. To the extent possible its communications footprint should be
light enough to function in situations where normal utility communications
paths are disrupted.
Questions Contact: Walter
Yamben, Walter.Yamben@netl.doe.gov
b.
Cybersecurity in Supply Chain and Acquisition
This subtopic is for the
development of tools, techniques, and/or methodologies to ensure that concerns
for cybersecurity are included in the process of equipment and software
acquisition within the energy sector. This proposed solution can include but is
not limited to addressing interaction of software and firmware with legacy
equipment; addressing interaction of new or updated OT equipment with existing
operations; sourcing of Industrial Control System (ICS) equipment
subcomponents; and addressing management of a software bill of materials.
Questions Contact: Walter
Yamben, Walter.Yamben@netl.doe.gov
c.
Enhancing Organizational Cybersecurity Awareness
This subtopic is for the
development of tools, techniques, and/or methodologies to enhance the
operational base for organizational cybersecurity awareness. Proposed solutions
can include but are not limited to innovative approaches to enhance awareness
of energy sector OT equipment and networking, and distribution; methodologies
to include considerations for multiple entities and varying configurations of
OT infrastructure in the development of organizational tabletop exercises;
addressing organizational awareness of cybersecurity hygiene for OT equipment
and networking.
Questions Contact: Walter
Yamben, Walter.Yamben@netl.doe.gov
References:
1.
United States White House. Executive Order on Securing the United
States Bulk-Power System Infrastructure & Technology, United States
White House, May 01, 2020, https://www.whitehouse.gov/presidential-actions/executive-order-securing-united-states-bulk-power-system/
2.
American Petroleum Institute. State of Operational Technology
Cybersecurity in the Oil and Natural Gas Industry. American Petroleum
Institute. p. 82. 2014,
www.api.org/~/media/Files/Policy/Cybersecurity/Operational-Technologies-Guidance-Doc-Apr14.pdf
(It is recommended to access this link through a Chrome browser.)
3.
Locasto, M., Balenson, D. A Comparative Analysis Approach for Deriving
Failure Scenarios in the Natural Gas Distribution Infrastructure . International
Conference on Critical Infrastructure Protection, November 19, 2019, https://link.springer.com/chapter/10.1007/978-3-030-34647-8_2
4.
National Telecommunications and Information Administration. NTIA
Software Component Transparency. U.S. Department of Commerce, NTIA,
2020, https://www.ntia.doc.gov/SoftwareTransparency
5.
Proctor, D. The Energy-Sector Threat: How to Address Cybersecurity
Vulnerabilities. Power Magazine, September 03, 2020, https://www.powermag.com/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities/
6.
The Smart Grid Interoperability Panel Smart Grid Cybersecurity
Committee. Smart Grid Cybersecurity Strategy, Architecture, and High-Level
Requirements, Guidelines for Smart Grid Cyber Security. , Vol. 1-2, NISTIR
7628, p. 668. National Institute of Standards and Technology. 2014, https://nvlpubs.nist.gov/nistpubs/ir/2014/NIST.IR.7628r1.pdf
7.
IEEE. C37.240-2014 - IEEE Standard Cybersecurity Requirements for
Substation Automation, Protection, and Control Systems. IEEE Standards
Association, 2015. https://standards.ieee.org/standard/C37_240-2014.html
8.
National Energy Reliability Corporation. Reference Document Risks and
Mitigations for Losing EMS Functions. National Energy Reliability
Corporation, 2017, https://www.nerc.com/comm/OC/ReferenceDocumentsDL/Risks_and_Mitigations_for_Losing_EMS_Functions_Reference_Document_20171212.pdf
9.
North American Transmission Forum. Bulk Electric Systems Operations
Absent Energy Management System and Supervisory Control and Data Acquisition
Capabilities a Spare Tire Approach. North American Transmission Forum,
2017, http://www.natf.net/docs/natf/documents/resources/resiliency/natf-bes-operations-absent-ems-and-scada-capabilities---a-spare-tire-approach.pdf
