Leveraging strategic partnerships and facilities and analytic capabilities at six National Laboratories to test cyber resilience of energy technologies.

CyTRICS partners across stakeholders to identify high priority operational technology (OT) components, perform expert testing, share information about vulnerabilities in the digital supply chain, and inform improvements in component design and manufacturing. CyTRICS leverages best-in-class test facilities and analytic capabilities at six DOE National Laboratories and strategic partnerships with key stakeholders including technology developers, manufacturers, asset owners and operators, and interagency partners.

CyTRICS Program Supports:

Supply Chain Executive Orders
National Defense Authorization Act of 2020 (Sec. 5726 Pilot Program)
Multiple critical infrastructure sub-sectors, including electricity, oil & natural gas, wind and other renewables, hydroelectrics, and other federal partners
Commercial partners for testing

Innovative Components

Prioritization Methodology
An approach to prioritizing OT components for testing that incorporates key factors including operational impact, prevalence, and national security interest. This approach provides a strategic, transparent rationale for testing components that optimizes security impact.

Standardized Testing Process
DOE has developed and refined a standardized approach to enumerating and vulnerability testing firmware and software subcomponents. Standardization ensures consistency, repeatability, and comparability of results, to scale up testing and automation across Labs and partners.

Standardized Reporting and Repository
CyTRICS captures testing results in a standard, bill of materials format that captures granular “digital ingredients” to the subcomponent level, to rapidly identify embedded high-risk components and subcomponents. The program features a central repository of testing results for comprehensive, sector-wide analysis of systemic risks and vulnerabilities.

Vendor Agreements
CyTRICS partners with top manufacturers and utilities in the sector to sign participation Agreements to frame mutual cooperation prior to conducting testing. The standard agreement establishes types of software and firmware testing to be performed, timely disclosure of vulnerabilities identified during testing, and coordinated disclosure of vulnerability information with impacted asset owners, federal agencies, and energy sector stakeholder.

CyTRICS Highlights

Sixth Industry Partner – Rockwell Automation – Signs on to the Department of Energy’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) Program

February 29, 2024

CESER welcomes Rockwell Automation as the sixth industry partner to the CyTRICS program to test critical energy infrastructure components for cybersecurity vulnerabilities.

DOE Announces New Partnership with Westinghouse to Enhance Energy Supply Chain Security and Resilience

February 1, 2024

CESER announced a collaboration with Westinghouse Electric Company to test for potential cyber vulnerabilities in one of the company’s Instrumentation and Controls (I&C) systems used for nuclear applications

DOE CESER Helps Fortify the Energy Sector’s Digital Supply Chain with GE Gas Power

May 10, 2023

GE Gas Power is the fourth equipment manufacturer to provide critical electrical grid components to test under the Department of Energy’s Cyber Testing for Resilient Industrial Control System program

Software emerges as risk

November 14, 2022

Open source to open door
By Christian Vasquez

Industrial Control System Advisory (ICSA-21-075-02) – General Electric Universal Relay family

November 14, 2022

This contains vulnerabilities reported to GE by the CyTRICS program, including high-impact vulnerability, CVSS 9.8.

Hitachi Energy and INL Testing of Relion® 670 Series’ RED670

November 11, 2022

Hitachi Energy and the DOE CESER CyTRICS program partnered to perform component enumeration and vulnerability testing of a Relion® 670 Series’ RED670

View All Highlights

Announcements

DOE Announces New Partnership with Westinghouse to Enhance Energy Supply Chain Security and Resilience

The U.S. Department of Energy (DOE)’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) today announced a collaboration with Westinghouse Electric Company to test for potential cyber vulnerabilities in one of the company’s Instrumentation and Controls (I&C) systems used for nuclear applications.

By Department of Energy | 2/1/2024

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) welcomes Rockwell Automation as the sixth industry partner to the CyTRICS program to test critical energy infrastructure components for cybersecurity vulnerabilities.

By Department of Energy | 2/29/2024

CyTRICS Partnerships

CyTRICS leverages strategic partnerships that enable DOE to evaluate software and firmware in energy sector equipment. These partners work with the CyTRICS team to identify and mitigate cybersecurity vulnerabilities in the supply chain. This work is helping to ensure the integrity and reliability of critical system components nationwide.

Learn More

Learn More About CyTRICS Partnership Opportunities

Learm more about how DOE's CyTRICS Program is engaging in public-private partnerships to identify and mitigate cybersecurity vulnerabilities in the supply chain, helping to ensure the integrity and reliability of critical system components nationwide.

CyTRICS: Cyber Testing for Resilient Control Systems

Leveraging strategic partnerships and facilities and analytic capabilities at six National Laboratories to test cyber resilience of energy technologies.

Innovative Components

CyTRICS Highlights

Announcements

DOE Announces New Partnership with Westinghouse to Enhance Energy Supply Chain Security and Resilience

Sixth Industry Partner – Rockwell Automation – Signs on to the Department of Energy’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) Program

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) welcomes Rockwell Automation as the sixth industry partner to the CyTRICS program to test critical energy infrastructure components for cybersecurity vulnerabilities.

CyTRICS Partnerships

Learn More About CyTRICS Partnership Opportunities

Cybersecurity for the Operational Technology Environment (CyOTE)

Cyber Testing for Resilient Industrial Control Systems (CyTRICS)

Operational Technical Defender Fellowship (OT Defender)

Securing Energy Infrastructure Executive Task Force (SEI ETF)

Energy Sector Software Bill of Materials (SBOM)

CyTRICS: Cyber Testing for Resilient Control Systems

Leveraging strategic partnerships and facilities and analytic capabilities at six National Laboratories to test cyber resilience of energy technologies.

Innovative Components

CyTRICS Highlights

Announcements

DOE Announces New Partnership with Westinghouse to Enhance Energy Supply Chain Security and Resilience

Sixth Industry Partner – Rockwell Automation – Signs on to the Department of Energy’s Cyber Testing for Resilient Industrial Control Systems (CyTRICS™) Program

The Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) welcomes Rockwell Automation as the sixth industry partner to the CyTRICS program to test critical energy infrastructure components for cybersecurity vulnerabilities.

CyTRICS Partnerships

Learn More About CyTRICS Partnership Opportunities

Federal Sponsor

Participating Laboratories

Related Programs

Cybersecurity for the Operational Technology Environment (CyOTE)

Cyber Testing for Resilient Industrial Control Systems (CyTRICS)

Operational Technical Defender Fellowship (OT Defender)

Securing Energy Infrastructure Executive Task Force (SEI ETF)

Energy Sector Software Bill of Materials (SBOM)