The U.S. Department of Energy has selected the University of Illinois at Urbana-Champaign to lead a new five-year, $28.1 million initiative that will develop cyber resilient energy delivery systems for the electric power and oil & gas industries. The DOE is contributing $22.5 million, with $5.6 million in recipient cost-share.

The Cyber Resilient Energy Delivery Consortium (CREDC), which consists of 11 universities and national laboratories, will focus on improving the resilience and security of the cyber networks that serve as the backbone of the infrastructure that delivers energy to the nation -- known as energy delivery systems (EDS) -- such as power grid and pipeline systems.

The consortium includes researchers from Argonne National Laboratory, Arizona State University, Dartmouth College, the Massachusetts Institute of Technology, Oregon State University, the Pacific Northwest National Laboratory, Rutgers University, Tennessee State University, the University of Houston, and Washington State University.

“Our consortium will focus on making energy delivery systems resilient to cyber-anomalies, whether accidental or from malicious intent,” said David Nicol, director of the Information Trust Institute at Illinois, Franklin W. Woeltge Professor of Electrical and Computer Engineering, and CREDC principal investigator. “The challenge is that increased efficiencies and capabilities in energy delivery rely on greater use of computers and communication networks, which simultaneously raises the potential for serious problems. We need to be able to integrate advanced cyber components with the assurance that we aren’t making systems more vulnerable.”

Cyber networks provide the framework for many important functions within energy delivery systems, from sending data between a smart meter and utility to controlling the flow of oil or gas in a pipeline. However, they are also vulnerable to disturbances. According to the ICS-CERT “Monitor,” a publication of the Department of Homeland Security, a third of the 245 reported cyber incidents in industrial control systems that happened in 2014 occurred in the energy sector.

CREDC will work to make these systems more secure and resilient. In the cyber world, “security” refers to the ability to keep data confidential and uncorrupted, while “resiliency” is the ability to withstand attacks, provide an acceptable level of service in the midst of an incident, and recover quickly following an attack.

Areas of focus will include cyber protection technologies; cyber monitoring, metrics, and event detection; risk assessment of EDS technology; data analytics for cyber event detection; resilient EDS architectures and networks; and the impact of disruptive technologies, such as the Internet of Things and cloud computing, on EDS resiliency.

In addition, the consortium will look at business aspects of cyber resiliency. A major impediment to more resilient systems is the cost of upgrading legacy equipment. Researchers will analyze the return on investment in new technology and design models that will help businesses choose the most cost-effective, high-impact solutions.

The goal, Nicol says, is to create a pipeline through which foundational research will lead to applied research and development, which in turn will result in technology that is effective and affordable and can be implemented quickly in the field. The consortium will collaborate with industry partners—ranging from Fortune 500 companies like Honeywell, to utilities such as Illinois-based Ameren—to accelerate the tech transfer process.

Illinois has deep roots in EDS resilience, particularly in the area of electric power. CREDC is a successor to two earlier initiatives:

Trustworthy Cyber Infrastructure for the Power Grid project, a $7.5 million initiative funded in 2005 by the National Science Foundation with support from the Department of Energy and Department of Homeland Security;

Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) project, an $18.4 million initiative launched in 2009 by the DoE’s Office of Electricity Delivery and Energy Reliability with support from the DHS’s Science and Technology Directorate’s Cyber Security Division.

With CREDC, Illinois and its partner institutions will broaden the research scope to include the oil & gas industry as well. While both fields face similar problems from a technical perspective, the dynamics can play out in vastly different ways. An attack on the power grid can create a regional blackout in a matter of seconds, while pipeline incidents tend to be more localized, but with potentially far more devastating consequences.

“The challenges of the next five years are not fully understood,” said Carl Hauser, associate professor of electrical engineering and computer science at Washington State. “CREDC is a long-term commitment by the Department of Energy to find the problems and solve them.”