Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

10/2/2018
02:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Department of Energy Invests $28 Million to Advance Cybersecurity of the Nations Critical Energy Infrastructure

Funding to Support the Creation of More Resilient Energy Delivery Systems

WASHINGTON, D.C. –  Today, the U.S. Department of Energy (DOE) is announcing awards of up to $28 million to support the research, development, and demonstration (RD&D) of next-generation tools and technologies to improve the cybersecurity and resilience of the Nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. With funding provided by the Office of Cybersecurity, Energy Security, and Emergency Response’s (CESER) Cybersecurity for Energy Delivery Systems (CEDS) Division, research partnerships will create and make available innovative technologies that help prevent, detect, and mitigate cyber attacks. The teams will pursue innovative approaches such as redesigning the current architecture that exposes the energy grid to cyber threats so that existing and future energy delivery systems can detect adversarial actions and adapt to survive while continuing to support critical functions.

“Protecting the Nation’s energy delivery systems from cyber-threats is a top national priority,” said U.S. Secretary of Energy Rick Perry. “These awards will spur the next level of innovation needed to advance cyber resilience, ensuring that the Nation’s critical energy infrastructure can withstand potential cyber attacks while also still keeping the lights on.”

Each awarded project has a clear path to develop technology that will meet the energy sector’s stringent operational requirements of energy delivery systems that reduce cyber risks. These awarded projects advance the strategy articulated in the DOE Multiyear Plan for Energy Sector Cybersecurity to reduce cyber risks by pursuing high-priority activities that are coordinated with other DOE offices, across Federal agencies, and with energy owners and operators as well as key energy stakeholders in the private sector. A detailed list of the eleven projects is available HERE. Final award amounts are subject to negotiation.

To date, the CEDS program has developed and transitioned 35 technologies to the energy sector by partnering with industry, cybersecurity vendors, academia, and National Laboratories as highlighted in the report CEDS R&D: From Innovation to Practice – Redesigning Energy Delivery Systems to Survive Cyber Attacks. Today’s investment continues DOE's long history of working closely with public and private partners to advance the shared vision of resilient energy delivery systems that are designed, installed, operated and maintained to survive a cyber incident while sustaining critical functions.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...