Abstract
The energy industry is embarking upon an infrastructure transformation that will result in a national
power grid that is more intelligent, robust, resilient, and secure. While the final form will not be known
for quite some time, clearly a smarter grid will make better use of information. Whether an electric
utility is making real-time adjustments in response to changing load conditions, or commercial and
private consumers are making better choices, the timely availability of this information will become
increasingly critical. Ultimately, the overall efficiency, reliability, and resilience of the grid is
inextricably linked to information. Unfortunately, "the electric power sector is second from the bottom
of all major U.S. industries in terms of R&D spending as a percentage of revenue, exceeding only
pulp and paper [Amin2011]." Moreover, U.S. officials worry that cyber-spies could use their
[demonstrated] access to shut down the grid or take control of power plants during a time of crisis or
war [CIO09, WSJ09].
Protecting and trusting information is not unique to the grid. Indeed, the information security market
is worth tens of billions of dollars, almost exclusively in cyber security products and services. Yet,
solutions designed for the Internet are often not appropriate for securing the energy grid, which has
a different set of priorities and communication needs. Any viable information security solution must
address those unique challenges and features.
The discussion at the CSIIR Workshop was primarily focused about the Energy Infrastructure Cyber
Protection (ENCyP) Initiative. ENCyP is a multidisciplinary strategic theme oriented on cyber
protection for the most critical and most vulnerable components of Energy Delivery System (EDS).
The initiative derived from ORNL's focus on energy and cyber-physical defenses. On this basis we
received just over 100 submissions stemming from both novel theoretical and empirical research
focused on the many different aspects of ENCyP. We encouraged the participation of researchers
and practitioners from a wide range of professional disciplines to ensure a comprehensive
understanding of the needs, stakes and the evolving context ENCyP. Topics included:
• Security assurance/interoperability for Energy Delivery Systems (EDS)
• Scalable/trusted control (cyber-physical) systems security
• Visual analytics for cyber security
• Next generation control systems vulnerability assessment
• Wireless Smart Grid security
• SCADA, EDS communications security test beds
• Use cases and attack scenarios for EDS
• Wide area monitoring, protection & control
• AMI, demand-response, distribution grid management security
• Electric transportation & distributed energy resources security
• Policy/standards driven architectures for EDS
• Anti-tamper device architectures
• Cryptographic key management for EDS
• Security risk assessment and management for EDS
• Insider and life-cycle threats
• Automated vulnerability detection
• Access control management and authentication services for EDS
• Secure information exchange gateway & watchdog switches
• Bio-Inspired technologies for enhancing EDS cybersecurity
A principle goal of the workshop was to foster discussions and dialog among the 210 registered
attendees from North and South America, Europe, Asia, and Africa. This goal was initiated and
facilitated by 8 plenary keynote addresses including our banquet and reception speakers. There
were also six invited speakers, including two panels of government and national laboratory
representatives. A total of one hundred and three papers (i.e., extended abstracts [EAs]) were
submitted involving over three hundred independent reviews from more than one hundred
reviewers. Thirty two percent of the papers that were submitted received two reviews while all of the
rest of the papers received three or more. Fifty-four EAs were accepted. Twenty-five posters were
invited. All of the EAs, presentations and posters are included in our proceedings. The subject areas
span the topics above and were organized into nine tracks: Security Assurance for EDS; Wide Area
Monitoring, Protection and Control; Security Risk Assessment; Malware; Cyber Physical Security;
Cryptographic Key Management; Use Cases and Attack Scenarios; Smart Grid Advanced
Concepts; and Anti-Tamper Devices and Architectures.