Cybersecurity Chad Schell Technology Manager Advanced Manufacturing Office

Cybersecurity Chad Schell, Technology Manager Advanced Manufacturing Office AMO Peer Review June 2020 | Washington, DC U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY manufacturing. energy. gov 1

Cybersecurity Background Ø Historically, AMO has addressed the crosscutting topic of cybersecurity as a component of other advanced manufacturing research Ø Frequency and sophistication of cyber attacks on manufacturers continues to grow each year Ø Manufacturing firms are relying on increased automation, including remote sensing and connected systems to improve operational and energy efficiencies, product quality, and global competitiveness Ø Increased reliance on connected systems integrated throughout the supply chain increases cyber vulnerabilities and the risk of cyberattacks. Ø Recognizing the changing dynamics in the cybersecurity threats in manufacturing, AMO is implementing a stronger and more coordinated approach Ø AMO is looking to generate impacts that Ø Accelerate cybersecurity resilience of the operational technologies manufacturers use Ø Increase cybersecurity awareness of U. S. manufacturers. Ø Cybersecurity importance recognized and conveyed through Ø White House National Cyber Strategy and budget priorities Ø EERE priorities Ø Appropriations U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 2

Cybersecurity Challenges and Barriers Ø AMO is currently focused on a number of cybersecurity challenges: Ø Automation: Increased automation grows the operational space where humans are not in the loop, potential vulnerabilities and intrusions can go undetected. Ø Complex Supply Chains: Suppliers of equipment, materials, and end-products in many manufacturing industries can span the globe, creating many opportunities for attacks that are not solely under the purview of one entity. Ø Information sharing: Cybersecurity can only improve if information about vulnerabilities, intrusions, and mitigations are shared across the community. There are many incentives for manufacturers not to share or seek out such information. Ø Rapidly evolving landscape: With new vulnerabilities and mitigations being discovered/developed daily, it is challenging to develop and implement cybersecurity that is adaptable and can remain up-to-date. The application of artificial intelligence and cognitive computing for cybersecurity, holds a promise in addressing this evolving landscape. Ø Barriers are evolving, changing, and emerging. AMO is evaluating and prioritzing which where to focus. U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 3

Technical Topic Objectives and Targets OBJECTIVE Advance energy-efficient, cost-effective, and widely applicable technologies and methods for cybersecurity in manufacturing TARGETS 1. Achieve recorded adoption of cybersecurity standards and best practices by over half of U. S. manufacturers. 2. Double the annual number of Coordinated Vulnerability Disclosures (CVDs) involving manufacturers. 3. Increase overall energy efficiency in manufacturing processes through secure process automation. 4. Reduce the overall cost of implementation of state-of-the-art cybersecurity measures applicable to the manufacturing sector. 5. Reduce the mean time-to-detect and time-to-recover from cyberattacks by half. U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 4

Cybersecurity Current Portfolio Ø Enhanced Preparation for Intelligent Cybermanufacturing Systems (EPICS) Ø Georgia Institute of Technology Ø July 2018 to June 2023 Ø $2. 5 M DOE, $1. 5 M Cost Share Ø Industrial training, academic training and target projects Ø Leverages industrial partners for research projects, interns, outreach and dissemination Ø Selected 6 th AMO Institute Ø Cybersecurity in Energy Efficient Manufacturing Ø Selection announced May 20, 2020 Ø University of Texas at San Antonio (UTSA) Ø 5 year effort Ø Estimated $70 M DOE, $41 M Cost Share Ø Negotiations underway U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 5

Cybersecurity Institute Ø Focus is early-stage R&D to advance cybersecurity in energy-efficient manufacturing Ø Manufacturing connectivity is increasing quickly with the implementation of next generation approaches Ø Two Major Focus Areas: Ø Securing Automation Ø Securing the Supply Chain Ø Institute outcomes and goals required by AMO include: Ø Specific energy efficiency goals unique to cyber-secure process controls that enable greater manufacturing energy efficiency Ø National consortium in early stage applied R&D for reducing risk and improving cybersecurity preparedness, response, and recovery Ø Establish and support a shared R&D infrastructure to address cybersecurity vulnerabilities, risks and implement mitigations Ø Increase awareness and implementation of cybersecurity best practices for a more secure and energy-efficient manufacturing sector Ø Be financially self-sustaining after five years Ø Establish an Education and Workforce Development (EWD) program Ø Industry and stakeholder input will be gathered on a roadmap of research priorities U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 6

Cy. Man. II Ø UTSA will lead a strong team for the Cybersecurity Manufacturing Innovation Institute (Cy. Man. II) Ø 14 university, 3 national lab, and 10 industry managing partners Ø https: //cymanii. com/ Ø Cy. Man. II approaches and innovations include: Ø Cyber-manufacturing measurement and verification 2. 0 Ø Real-time tracking and dynamic optimization of energy use enabled by converting from manual meter-based analysis to automated meter/sensor analytics Ø Intelligent Efficiency Ø Energy Efficiency that is realized by integration of information and communications technologies Ø Secure Manufacturing Architecture Ø “Secure by design” approach to achieve cybersecurity that is energy efficient, Pervasive, Unobtrusive, Resilient, and Economical ( -PURE), ultimately ensuring U. S. manufacturing competitiveness. Ø Working with DOE to hit the ground running U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 7

Cybersecurity Collaborations Ø AMO is ramping up it’s collaborative interactions and approach to cybersecurity Ø Partnership with DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) Ø Coordination and innovations that support all EERE Technology Offices Ø Work to build partnerships with other Federal agencies, including: Ø NIST Ø DOD Ø AFRL Ø Exploring others U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 8

EPICS Accomplishments/Successes Ø Industrial training with 2 -year industrial driven projects for Masters students Ø Academic training in embedded systems, processing modeling, data science and cloud Ø Target projects for sensor retrofit, processing monitoring, root cause analysis, sensor fusion Ø 16 fellows to date Ø Examples of projects include analytics, anomaly detection, process qualification, automated defect detection Ø Strong industry collaborations Ø Developed and piloted new digital manufacturing course work Ø COVID response rapid innovation projects for face shields U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 9

Cybersecurity Accomplishments/Successes THANK YOU! U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 10

Backup Slides U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 11

Cybersecurity Importance and Recognition Ø 2018 Trump Administration released a National Cyber Strategy https: //www. whitehouse. gov/wp-content/uploads/2018/09/National-Cyber-Strategy. pdf Ø FY 19 Administration budget priorities Ø Agencies should invest in R&D to increase the security and resilience of the Nation’s critical infrastructure from both physical threats and cyber-attacks, which have increased rapidly in number and complexity in recent years Ø Cybersecurity is an EERE Priority Ø The cybersecurity of the energy sector is a priority for the Department. EERE Offices are working to accelerate cyber resilience R&D of EERE operational technologies, which are critical to transportation, buildings, renewable power, and manufacturing. This includes ensuring new technologies are designed with cyber security as a requirement. Ø FY 20 appropriations: Ø “The Committee believes cybersecurity vulnerabilities must be addressed as renewable energy technologies enter the marketplace. The Committee also believes there is a gap with respect to distributed generators and behind-the-substation generators, storage, smart buildings technologies and electric vehicles where the potential for cyberattacks will continue to grow and threaten the modern grid. Within funds recommended for EERE, not less than $20, 000 is recommended to bring cybersecurity into early-stage technology research and development so that it is built into new technology. ” U. S. DEPARTMENT OF ENERGY OFFICE OF ENERGY EFFICIENCY & RENEWABLE ENERGY 12