Historically, electrical, HVAC and water systems were not connected to the internet and did not have to abide by cybersecurity regulations. Often termed ICS or OT, these devices were focused more on availability. This changed in 2015 when the DoD adopted the RMF National Institute of Science and Technology (NIST) Special Publication (SP) 800-82 Rev. 2, Guide to ICS Cyber Security, to cyber secure these systems. Then in 2018, DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting, also required the use of NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, to cybersecure organizational IT systems that host, transmit or store DoD data such as blueprints, network design, energy consumption, measurement/verification (M&V), manuals, specifications, etc.
Additionally, with several memoranda coming out of DoD recently, including the Assistant Secretary of Defense (ASD) Energy Savings Performance Contracts (ESPCs) and Utility Energy Service Contracts (UESCs) Policy Memo 11-2018 and the Under Secretary of Defense (USD) A&S Supplemental UP Guidance (07 Feb 2019), it is even more critical that companies stay ahead of ever evolving requirements and regulations, as these documents now require that all current, renewing and new contracts meet these various cyber security requirements (most importantly the 7012) which includes all DoD contractors / subcontractors, to lock down their systems.
ESPCs/UESCs must include a cybersecurity plan for energy conservation measures and energy resilience projects that include the installation/modification of OT, which encompasses Platform Information Technology (PIT), Control Systems (CS), or FRCS.
Variety and velocity of global threats continue to rapidly evolve. It is now undeniable that the homeland is no longer a sanctuary and that potential attacks against our critical defense, government, and economic infrastructure must be anticipated and mitigated. Maintaining access to reliable, resilient, and cybersecure energy resources, generation assets, distribution infrastructure, and facility-related controls and data is critical to DoD’s mission execution.
As experts in analyzing energy from a security and cyber aspect, Peregrine conducts Energy Security studies, identifying threats and vulnerabilities to the power supply, then propose risk mitigation strategies, tying operational energy risks to mission impacts in order to help inform and prioritize mission resilience and renewable energy measures. Through this work, we have investigated and written cyber energy security requirements for the DoD, DPA, and EPS. Specifically, Peregrine served as the prime contractor to the Office of the Assistant Secretary of Defense Operational Energy Plans and Programs (OASD/OEPP), the Deputy Assistant Secretary of the Air Force (Energy) (SAF/IEN), and the Deputy Chief of Staff of the Air Force for Intelligence, Surveillance, and Reconnaissance (AF-A2), and also supports the US Navy, CNIC Energy Branch (N441) with a Renewable Energy SME on a separate task order.
We look forward to providing similar services to your organization.