The Department of Energy's (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) signed a formal agreement with Schneider Electric as the first equipment manufacturer for DOE's Cyber Testing for Resilient Industrial Control System program (CyTRICS). CyTRICS enables DOE to evaluate software and firmware in energy sector equipment to identify and mitigate cybersecurity vulnerabilities in the supply chain, helping to ensure the integrity and reliability of critical system components nationwide.
Global technology supply chains are increasingly diverse and complex, resulting in changes in the overall risk for energy systems that support our national defense, vital emergency services, and critical infrastructure. Through CyTRICS, CESER connects equipment manufacturers, vendors, and utilities who voluntarily submit equipment for testing – with state-of-the art, intelligence-informed analytic capabilities from the National Laboratories to confirm the security of software and firmware. Under CyTRICS, CESER directs cyber vulnerability testing and component enumeration, shares findings with manufacturers to develop mitigations, and alerts industry stakeholders using impacted components so they can address flagged issues in their deployed systems. Components with high impact, prevalence, and national security interests are prioritized for testing and analysis.
Schneider Electric is the first equipment manufacturer to sign a formal agreement and provide hardware and software components under CyTRICS. As one of the leading energy equipment manufacturers and software developers in the world, Schneider Electric sets a strong industry example with their participation and cooperation in this domestic and international cybersecurity effort. Full scale testing is scheduled to launch in the second quarter of fiscal year 2021.