New NSF-funded center to protect energy infrastructure from cyberattacks

One year ago, in May 2021, cyber criminals launched a ransomware attack on the Colonial Pipeline Co. that resulted in a six-day shutdown of the largest fuel pipeline in the United States, which carries gasoline, diesel, heating oil, and jet fuel from Texas to New Jersey. The disruption led to panic buying, long lines at gas stations, and price increases in several mid-Atlantic states. 

Although the crisis was short-lived, this event illustrates just how vulnerable our country’s energy infrastructure is. In fact, the Wall Street Journal reports that in 2020, U.S. energy companies experienced the third largest number of cyberattacks of any sector—up from ninth the prior year and right behind the financial and manufacturing industries.

Last August, the National Science Foundation awarded the University of Illinois and its partner schools, the University of Arkansas and Florida International University, a five-year $2.25 million grant through its Industry-University Cooperative Research Center (IUCRC) program to ensure secure, reliable, and resilient operation of the nation’s energy infrastructure.

“Any cyberattack that meaningfully disrupts any combination of the energy space, including electric, gas, water, telecommunications, and/or oil and gas infrastructure, would have a dramatic negative impact on our national economies and jeopardize human health and safety,” said Dominic Saebeler, senior associate director of the Information Trust Institute at Illinois. “Continuously researching and discovering new solutions to cyber-based risk is essential to current and future preparation, response, and recovery in the face of skilled and relentless threat actors.”

The Center for Infrastructure Trustworthiness in Energy Systems (CITES) will research and develop technology to prevent cyberattacks, rapidly detect attacks that do occur, enable robust infrastructure that continues to operate in the presence of such attacks, and quickly restores the nation’s energy infrastructure after an attack.

CITES includes a unique mix of member organizations and partners that fund research, collaborate, and advise academic research through an Industrial Advisory Board (IAB).  Such participants include Hitachi Energy, Red Trident Inc., Fortinet Inc., Electric Power Research Institute, American Petroleum Institute, Sandia National Lab, Idaho National Lab and the Pacific Northwest National Lab.  CITES is in continuous dialogue with other industry partners who are considering joining this IUCRC as members in its second year.

“The energy infrastructure is privately owned and operated,” said ECE Professor David Nicol, principal investigator of CITES and Information Trust Institute director. “It is absolutely essential to understand the perspectives of utilities, equipment manufacturers, and informed stakeholders if we are to address problems whose solution will have strategic and practical impact.”

In late 2021, CITES leadership and faculty met with the IAB to identify current and future security challenges facing the U.S. energy sector. Among the specific research projects they defined to address those challenges are: zero-trust networking, intra-layer security management, secure software development and lifecycle, interacting systems, energy system protection, and secure digital infrastructure for energy. 

In December 2021, CITES sent out a call for proposals across the three campuses. In late February, the IAB and CITES leadership teams met to evaluate proposals and select the first round of projects to fund.  Five proposals were selected with associated research beginning this month.  

The U of I has a rich history working in the energy security space. For example, Illinois plays a leading role in the Cyber Resilient Energy Delivery Consortium, a multi-institutional research endeavor funded by the Departments of Energy and Homeland Security. CREDC addresses the cybersecurity of power grids and oil & gas refinery and pipeline operations.

CREDC’s main objective is to ensure that nation’s energy delivery system sustains critical functions in the presence of disruptive events arising from cyberattacks and misconfigurations, and to rapidly recover from disruptions to full functionality.

CITES will expand upon those efforts and will be primarily run out of the Information Trust Institute (ITI) on the University of Illinois campus. ITI is a national leader in designing complex systems that deliver a predictable level of reliability, security, performance, and availability in key areas such as critical infrastructure, energy systems, testbed science, and systems and networking.