Blog

The Wurldtech Labs team has been working tirelessly over the past month since announcing the creation of the Center of Excellence for Energy Infrastructure Protection to select and construct the first research project based on end-user member feedback. In case you don’t know, the Center of Excellence is a consortium effort started by Wurldtech at the request of some of the world’s largest energy sector stakeholders (Electric Utilities, Oil & Gas) who felt under served by current public / private sector organizations and underrepresented in the general control systems security discourse. The effort, which is located at the University of British Columbia, is funded solely by energy industry end-users, focuses on creating three distinct business units:

1. Security Interoperability Testing & Certification Facility: Full scale control / safety system network architectures as well as fully integrated Smart Meter / AMI networks designed to provide a representative test bed to enable real world security, interoperability testing & certification of devices, systems and networks.
2. Online Knowledge Portal: A Web-based and interactive information sharing and education portal designed to centralize cyber security information relevant to the energy sector to ensure that information is delivered to the community in a consistent and systematic manner.
3. Applied Cyber Security Research Team: An interdisciplinary team of international subject matter experts, academic researchers, technologists and control engineers, centrally managed and working on projects selected from a roadmap driven specifically by the energy sector end-users.

And follows three guiding principles:

1. Energy Industry Focused: The effort focuses solely on the needs of global energy industry stakeholders from the various domains (Electric Power, Nuclear, Oil & Gas)
2. End User Driven: Training & education program content, research activities and product road maps are all driven specifically by the needs of energy sector end-users.
3. Solution Oriented: All output will be guided by private sector practices resulting in commercialized products with strong value propositions for end-users and delivered through simple business models to create the most value from applied research.

The first project will see the development of an online training and workplace learning program designed to improve general industrial cyber security awareness of key concepts and best practices in order to bridge the divide between IT and automation professionals. With one of the most pervasive cyber security challenges today being the information / communication gap between IT and control resulting from disjointed corporate structures, cultural differences and overall attrition in the energy sector, this training program will provide a standardized awareness for old and new employees alike at a level accessible to a wide audience.

The training program will be delivered through the centre’s knowledge portal, which will be launched in conjunction at the end of Q4/09, and has six distinct value propositions for the community:

Industry Driven Content: The entire process, from subject matter content to the delivery model has been reviewed and approved by energy industry end-users. This ensures alignment to actual need and eliminates vested interests by third parties (vendors, consultants, and government agencies) which typically results in unnecessary delays and reduced overall value.

Adopted & Supported By Leading Energy Companies: The training program has already been approved and endorsed by some of the world’s largest energy stakeholders, such as BP and Shell.

Functional Cyber Security Certification Alignment: The training aligns with the Achilles Cyber Security Certification Program - which provides cyber security benchmarks for company processes and products in line with emerging standards such as ISA SP99. This provides organizations with an additional level of assurance that the training their employees receive fits into a functional security paradigm consistent amongst all stakeholders (Vendors, Integrators and Operators) and share a common vernacular.

Improved Business Model: Many cyber security training programs exist but are difficult to find and even more difficult to administer, manage and track. This program is designed with rigorous course content complete with required pass/fail criteria and delivered through a web-based knowledge portal which automatically manages both individual and group progress, student statistics, and provides company wide results in easy to use executive dashboards.

Regulatory Requirements Alignment: The training program is designed to satisfy current and emerging standards and regulatory requirements such as NERC CIP 004.

Free For Center Members: If your organization is an funding member, then the course will be offered online to your company, free of charge, with unlimited access.

If you would like to get involved and participate in this project please contact the Wurldtech Labs team at wurldtechlabs@wurldtech.com.