The McCrary Institute for Cyber and Critical Infrastructure Security at Auburn University in Alabama received a $10 million Department of Energy grant to pilot a cybersecurity research and operations center dedicated to protecting the nation’s electrical grid.
The pilot program will be developed in partnership with Oak Ridge National Laboratory (ORNL). Auburn and additional partners will contribute $2.5 million, bringing the total investment in the project to $12.5 million.
Known as the Southeast Region Cybersecurity Collaboration Center (SERC3), the center will unite experts from the private sector, academia, and government to collaborate on safeguarding critical infrastructure.
A mock utility command center for real-time cyber defense practice will focus on training cybersecurity practitioners in critical infrastructure defense. Research labs will be established at Auburn’s Ginn College of Engineering and in Oak Ridge, Tennessee.
Additional research on the integration of cutting-edge software and hardware into operational environments will make up part of the program. There will also be a focus on skills development and workforce training—particularly critical in an era where cybersecurity professionals are in short supply.
Universities are a breeding ground for new ideas and innovations, said Jose Seara, CEO and founder at DeNexus. That’s especially so as technology evolution accelerates and threat actors, including nation-states, take advantage of innovations like AI as much as defenders do.
“Adding government resources and focus to research universities will accelerate the formulation of solutions to strengthen cyber defense in critical infrastructures at all levels of the problems,” Seara said.
A partnership between McCrary Institute and Oak Ridge would help close the cybersecurity resource gap, said Seara, and train a new cohort of cyber specialists for cyber-physical systems, like the ones used in the energy sector.
From Seara’s perspective, collaboration between private, public and universities in the energy sector is paramount to align all initiatives and share best practices, know-how and threat intelligence. “The weight of the government behind innovations is important to not only accelerate the revision of cybersecurity regulations and frameworks, but also to provide resources to address the threat of state-sponsored attacks on the grid,” he explained.
Richard Aviles, senior solution consultant at DoControl, agreed that such partnerships are important. They can create new cybersecurity resilience to defend against attacks on our critical infrastructure.
“Partnerships of this type help to bring individuals in from the private sector, academia and the government. They can create a think-tank atmosphere, where information is shared and innovation can offer real-world solutions on how to protect our power grids,” Aviles said.
With a large investment for the project coming from strategic investors and a Department of Energy grant, Aviles pointed out, experts in the field become part of a research lab to generate new ideas and create solutions. “Training is a key area when it comes to defending against cyber criminals. And it gives the workforce an upfront understanding of the type of attacks that can occur and a plan of action to defend against them.”
With insight into how the new technologies work, the workforce would have the ability to see how the newly developed technologies could combat attacks in other industries.
He predicted that as innovative technologies are created through the research, the U.S. energy sector would benefit from the program by having the mechanisms to defend against various types of cyber-attacks on the U.S. infrastructure — particularly from nation-states such as China.
Seara said with threats against critical infrastructure — including electrical grids — more preparation must be done. “A combination of upgrades, modernization and isolation techniques will be required to keep old and new grid infrastructures protected from modern cyber threats,” he said.
However, to maximize the return on such efforts, it is imperative to first identify cyber risk priorities by quantifying where the grid is most at risk, which type of cyber incidents would generate the greatest losses, or which risk mitigation projects will be most beneficial in reducing risk.
“This starts with cyber risk quantification at all levels of the energy sector: from power generation to energy transmission and distribution,” Seara explained.
Ensuring that the U.S. infrastructure can defend against cyber criminals requires upgrades.
Seara called these types of partnerships and research efforts a “national imperative” providing the ability to defend against cyber criminals and to mitigate cyber risks that could impact communities across the country.
“Our critical infrastructure is a target for threat actors, who could shut off utilities in both large and small communities,” Seara said. “Having a research center to develop innovative technologies work to increases our ability to stay online and mitigate cyber security risks.”
Photo credit: Spencer DeMera on Unsplash
Recent Articles By Author