DOE teams with TECSys on infrastructure security
he U.S. Department of Energy's
The two organizations will update the TECSys ConsoleWorks console management system. The enhancements will be aimed at monitoring energy industry network devices, including servers, routers, switches and firewalls, as well as applications such as the outage management and energy management systems that utilities use, said Jim Davidson, consulting technical specialist at the INEEL in Idaho Falls.
"Our goal here is to develop methods to protect the critical [infrastructure] of the U.S.," he said. The pact allows TECSys to sell updated versions of ConsoleWorks.
One industry expert called for the effort to be expanded to ensure the security of the control systems themselves. Such systems help regulate the transmission of electricity and the flow of water and natural gas through the U.S. infrastructure by controlling basic functions, like flipping switches and opening valves.
"What really needs to be secured are the controllers and field devices that feed the operator workstations," said Joe Weiss, an executive consultant at KEMA Consulting in Burlington, Mass., and previously a control systems security expert at Electric Power Research Institute Inc. The control systems are quite different from IT systems like ConsoleWorks and energy management systems, he added.
"People are trying to apply IT systems to control systems without knowing what the actual security gaps are in control systems that need to be solved, and without realizing that those IT technologies or test procedures could impact control system operation," Weiss said.
Davidson said the INEEL is addressing the security of control systems by evaluating the capabilities of the energy industry IT systems they interface with.