Monday, January 6, 2025

Cybercore Focuses on Critical Infrastructure Cyber Battlespace


And the Energy Department leads a cultural transformation effort focused on those critical functions. “There’s a national level effort, driven by DoE, supported by us, to instill these principles of cyber-informed engineering at all levels, from education to the current workforce,” he said, adding that cyber-informed engineering is a four-step process.  

Current Cybercore efforts include supporting the Energy Department’s Office of Cybersecurity, Energy Security and Emergency Response (CESER), which is tasked with strengthening the security and resilience of the U.S. energy sector from cyber, physical and climate-based risks and disruptions. “That’s our main interface at DoE. And they throw a lot of tasks our way,” Cramer said.

One of those tasks is ensuring that the infrastructure for the blooming electric vehicle market is secure from cyber attacks. “Electric vehicles are becoming more and more prevalent and deployed. As they are, there are going to be more of these fast-charging stations that you’ll see in the parking lots of Walmart and coffee shops and other things across the nation. We’re busily developing that infrastructure.”

The cyber threat encompasses more than individual charging stations. “You’re plugging your car into these things. That’s plugged into the grid. There are a lot of vulnerabilities that the government is worried about that we need to focus on,” Cramer said, adding that Cybercore works with the Pacific Northwest National Lab on the effort. “Our experts [are] all working together to take a look at those fast-charging stations and how adversaries might use those as attack vectors or information collection vectors from either the vehicles themselves or from the grid or vice versa.” 

He also cited CyTRICS, the Cyber Testing for Resilient Industrial Control Systems program, as another ongoing CESER effort. Companies that own part of the country’s critical infrastructure, or the systems that run it, can have those systems tested through the program. “Imagine you’re somebody in the electric industry, and you’ve got a bunch of equipment that’s making the grid work. CyTRICS takes a look at that equipment that’s used across the grid ubiquitously. We bring it into our labs, break it down, find out what all the subcomponents are, who’s delivering those subcomponents, and what the vulnerabilities are,” Cramer illustrated.

The program also can check systems for chips made in China or elsewhere. “We want to make sure that we understand where those chips come from, that they’ve got all the right stuff in them. The supply chain is something that’s vulnerable,” Cramer said.

He pointed out that other national labs, such as Lawrence Livermore, Oak Ridge, Pacific Northwest, Sandia National Lab and the National Renewable Energy Lab, bring “their separate skills to bear on this supply chain threat.” Additionally, several vendors—Schweitzer Engineering, Schneider Electric, Westinghouse, Hitachi, GE Gas Power and ROCKWOOL—have agreed to participate in the program. “Six U.S. industry partners allow us to grab some of their equipment, bring it into our labs and find these vulnerabilities. When we do, we share the results among all of those companies so they can benefit from what we’re doing.” 

Cybercore also works with the Defense Department, U.S. Air Force, and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency on an open-source network traffic analysis tool suite known as Malcolm. It is designed to be easily deployable and to make network traffic analysis accessible to many in both the public and private sectors as well as to individual enthusiasts.

“It’s free. It’s easy to use. It’s a tool suite that industry uses, Department of Defense uses. It’s a way to help protect yourself with a lot of tools—analytic tools to help identify intrusions, monitor traffic and so forth—that you can find online and download. It’s really a great thing that we use quite a bit. It’s being used in Germany, Australia, Ukraine, other places as well,” he said.

When Cramer accepted the director position about a decade ago, Cybercore was known as the Mission Support Center and was a much smaller organization with about 30 workers. Now, it boasts about 240 staffers and an 80,000-square-foot building with 20 different labs and an 890-square-mile cyber range with a full electric grid. 

More importantly, Cybercore has earned a sterling reputation for cybersecurity expertise, Cramer indicated. “I have not found a technical cyber challenge that my team cannot crack or fix.”
