DHS Invests $5.9 Million into Cyber Training Tool for Energy Sector

The Homeland Security Department is funding a new immersive cyber-training platform equipped with simulation-based scenarios and exercises aimed at protecting the nation’s energy sector.

The department’s Science and Technology Directorate announced it’s awarding $5.9 million to the Norwich University Applied Research Institute to expand a training tool used by the financial services sector to organizations in the energy sector. Distributed Environment for Critical Infrastructure Decision-Making Exercises, or DECIDE, is an interactive platform that allows players to practice cyber-threat response tactics in an immersive online environment before real-life crises occur.

“DHS S&T is committed to investing in the security of our nation’s critical infrastructure, and that includes ensuring that organizations are properly trained to recognize and respond to potential cyber threats,” William Bryan, senior official performing the duties of the undersecretary for science and technology, said in a statement. “We are excited to soon make this proven platform available to even more of our private sector partners.”

The tool is designed to help users enhance communication during high-stress events and better understand the systemic implications of their choices through conducting collaborative, realistic, scenario-based simulations that feed the consequences of participants’ actions back into the exercises.

NUARI’s President Philip Susmann told Nextgov the organization began creating the original DECIDE in tandem with the financial sector almost a decade ago. Exercises, such as reacting to bad payments flowing into a stakeholder-owned bank, aimed to measure the response and impact of different high-risk scenarios. Susmann said the tool seeks to demonstrate that cybersecurity incorporates much more than just protecting one’s own network, but instead is a “team sport” that requires support from multiple organizations within a value chain.

While “players” from various organizations participate in the activity, their responses are confidential to their own organization. But Sussman said the exercises also provide holistic insight into what the individual organizations’ impacts are on the sector or market as a whole.

“In many ways, what DHS is looking for from this activity is engagement with the energy sector in a very similar way [to the financial sector’s engagement], so that you have multiple organizations that participate in business-based simulations that allow them to then build and create sector-based responses to cyber exercises,” Susmann said.

Interested energy participants have not yet been released and are protected by a non-disclosure agreement, but Sussman said stakeholders, such as “large scale energy electrical distribution and generation firms and folks within oil and gas,” have indicated that they would play.

Susmann also said the platform and the new large-scale simulations that’ll be developed will improve readiness to combat threats across the energy sector without completely exposing individual security flaws in the process.  

“This is just really important for our resilience as a country,” he said.

S&T program manager Greg Wigton told Nextgov that initial test exercises should begin in 12 months and the final tool is expected to be completed in 36.