Friday, November 07, 2014
DOE Funds Cyber Attack Prevention Program For Utilities
Norse runs a network of eight million sensors and crawlers that continuously analyze Internet traffic to identify compromised hosts, malicious botnets and other sources of digital attack. The network, located in data centers in 50 countries, also contains honeypots that emulate electrical industrial control systems, to lure in adversaries and determine which nation-states are probing certain types of software in the electric grid.
The announcement between CRISP and Norse marks the latest support by the federal government for platforms that facilitate cyberthreat information sharing between organizations. It also comes as Norse itself fends off a distributed denial of service attack against its own servers.
CRISP began over the past several years as a small DOE-funded pilot with five electric sector companies to help facilitate two-way sharing of unclassified and classified threat information. Previously, utilities had complained that the government was not doing enough to share threat intelligence. In August, the CRISP program transitioned to an industry-managed and funded public-private partnership, managed by the Electricity Sector Information Sharing and Analysis Center, according to an October 31 blog post.
For utilities, having bigger-picture threat information is quite useful. There are some concerns about the type of information utilities are asked to share in CRISP, such as internal email and Web searches by employees. Municipal utilities can’t afford to hire cybersecurity experts, so access to the data Norse provides can be helpful in preventing a massive breach.
The contract with Norse is intended to give utilities access to early indicators of threats before they land in an energy company network. Norse will integrate its live attack intelligence with hardware from network security company FireEye Inc. to provide live threat analysis of traffic within and outside of the networks of energy companies participating in CRISP.
While there are other threat intelligence services, Norse differentiates itself in terms of the scale and velocity of information it can process. The company is registered as an Internet service provider (with only one customer, itself), but it processes data on a similar scale to a tier 1 ISP. It is in 50 countries and 200 data centers, and it processes 160 terabytes of traffic per day.
Distributed denial-of-service (DDoS) attacks try to flood a target’s servers with Internet traffic in order to knock it offline. (WSJ, 11/6/2014)