CyOTE: Cybersecurity for Operational Technology Environments

Incorporating context for better threat detection

Capabilities to Identify Cyberattack Techniques within Operational Technology (OT) Environments

Fact Sheet

The Department of Energy’s Cybersecurity, Energy Security, and Emergency Response Office (CESER) has partnered with Idaho National Laboratory (INL) to lead a research initiative, called CyOTE, that addresses energy sector cybersecurity threats against operational technology (OT) environments. Through coordinated research with the national laboratory complex and energy sector companies, researchers analyze ICS/OT attack surfaces, develop new capabilities to advance the national OT cybersecurity posture, and share information about adversarial tactics and techniques. CyOTE improves the sector’s ability to detect and respond to anomalous behavior that indicates potential malicious activity in OT networks.

Why is CyOTE Important?

OT applications, radio frequency (RF) environments, OT-supporting infrastructure, and the wired and wireless networks that connect them are increasingly becoming targets of cyberattacks. These attacks can have devastating consequences, such as disruption to energy supplies, damage to critical infrastructure, significant financial loss, and risk to human life. CyOTE can be used as a methodology and a suite of supporting tools to aid in the protection of OT networks in the energy sector.

What are the Benefits of CyOTE?

CyOTE provides a number of benefits to the energy sector, including:
  • Increased awareness of OT cybersecurity threats and the OT attack surface
  • Enhanced threat detection capabilities, supporting continuous improvement
  • Access to shared information about adversarial tactics and techniques that are identified in historical compromises
  • Opportunities to collaborate with other energy sector organizations on cybersecurity


Tools and Technology Development

Disclaimer: By requesting / accessing these free tools, you agree that you will not use or modify the tool(s) for commercial purposes.

Research Papers/Case Studies

Registration required for access to full content (coming soon)

Industroyer2 and Wiper Malware Targeting Ukrainian Energy Provider (2022)
BlackMatter Ransomware Attack on New Cooperative (2021)
Conti Ransomware Attack on the Health Service Executive (HSE) (2021)
Darkside Ransomware Attack on Colonial Pipeline (2021)
JBS Foods Ransomware Attack (2021)
Remote Access Attack on Oldsmar Water Treatment Facility (2021)
Ryuk Ransomware Attack on Universal Health Services (UHS) (2020)
SolarWinds Software Supply Chain Compromise Against a U.S. Energy Provider (2020)
EKANS Ransomware Attack on Honda (2020)
Mumbai Power Outage – Reliability Failure Exposes Malware Intrusion (2020)
DoppelPaymer Ransomware Attack on Petroleos Mexicanos (PEMEX) (2019)
Kansas Water Utility Insider Cyber Attack (2019)
LockerGoga Ransomware Attack on Norsk Hydro (2019)
NotPetya Malware Attack on AP Moller-Maersk (2017)
Shamoon Malware Campaign Against Sadara Chemical Company (2017)
Triton Malware Attack Against Petro Rabigh (2017)
WannaCry Ransomware Attack on Renault-Nissan (2017)
Conficker Infection of Gundremmingen Nuclear Power Plant (2016)
Ukraine Energy Sector Cyber Attack (2015)
Cyber Attack on Thyssenkrupp Blast Furnace (2014)
Use of Havex Against a U.S. Manufacturing Facility (2014)
Night Dragon Campaign (2007-2011)
Baku-Tbilisi-Ceyhan (BTC) Pipeline Explosion in Refahiye, Turkey (2008)
SQL Slammer Worm Infection of Davis-Besse Nuclear Power Plant (2003)
Insider Attack on the Maroochy Shire Sewerage Control System (2000)