The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Center for Infrastructure Trustworthiness in Energy Systems (CITES)

The opinions, findings, and conclusions or recommendations expressed are those of the Center author(s) and do not necessarily reflect the views of the National Science Foundation.

Center Overview

The mission of the Center for Infrastructure Trustworthiness in Energy Systems (CITES) is to reduce threats to the nation’s power delivery systems by developing capabilities that can rapidly detect cyberattacks, enable infrastructure to continue to operate in the presence of such attacks, and quickly restore infrastructure after an attack.

Power and energy delivery systems — including electric power, oil and gas, energy markets, and the infrastructure supporting electric vehicles, smart buildings, and smart cities — depend increasingly on cybertechnology. Even legacy systems that use closed serial communications can be exposed to adversaries through networking, and are increasingly targeted by nation-states and independent actors. The threat to critical infrastructure is worldwide, with energy systems being of highest priority when it comes to the need for security.

CITES focuses on the trustworthiness of power and energy systems in developing security solutions specific to their protection, and increases the resilience, reliability, safety, and cybersecurity of these power delivery systems at the operational level in novel ways that expand on traditional IT system protection strategies.

CITES brings together uniquely qualified academic researchers in partnership with a diverse group of private sector stakeholders, trade associations, and national laboratories who share this vision. CITES is also creating a larger pool of students with training and skills in this area of national importance, and increasing the number of university faculty members who are able to make foundational contributions to trustworthy energy systems. To broaden diversity in the field, CITES recruits faculty members as well as graduate and undergraduate students from populations historically underrepresented in such work.

CITES aims to affect how decision-makers in energy view and make investments to improve the trustworthiness of their own infrastructures. Through its industrial interactions and outreach, CITES is helping create a larger cyber-savvy operational technology workforce. Together, CITES’s technical, educational, and outreach activities and innovations will have a broad and major impact on society and will provide collaborative opportunities to develop new technologies that support national security.

Universities

Florida International University
University of Illinois, Urbana-Champaign
University of Arkansas

View Center Website

Center Personnel

Dominic Saebeler
Industry Liaison
+1 217 300 6109
dsaeb2@illinois.edu

Osama Mohammed Ph.D.
Site Lead
+1 305 348 3040
mohammed@fiu.edu

Professor David Nicol
CITES Director and Principal Investigator
+1 217 244 1925
dmnicol@illinois.edu

Qinghua Li Ph.D.
Site Lead
+1 479 575 6416
qinghual@uark.edu

Research Focus

CITES pursues security-focused research across a range of areas that include:

Energy system protection: Advances software and hardware technologies for protecting energy systems from cyber malfeasance. This broad area includes intrusion detection tailored to energy systems, technologies for describing and analyzing cyberattacks, and defenses in energy systems.
Interacting systems: New systems meant to improve security are often designed without considering their interdependencies. The challenge is to identify techniques, methodologies, and analyses that help one to identify, consider, or forestall the risks attendant with introduction of new technology.
Intra-level security management: The classic Purdue model for operational technology (OT) systems defines multiple system levels (enterprise; demilitarized zone, or DMZ; operational and control; process; and physical). A level is often treated as a single security zone, with security policies (like Biba) imposed between them. However, better trust management is required within a level, for example, between remote terminal units (RTU) within the process layer.
Secure digital infrastructure for energy: Society is on the cusp of a new energy ecosystem, driven by requirements for efficiency and decarbonization as well as advances in energy sources, electric transportation, and market models. Realizing this vision will require a secure digital infrastructure for secure interoperability, trust relations among multiple stakeholder communities, secure and verifiable transactions, integration of nonconventional forms of generating energy at multiple grid scales, and secure cloud operations.
Secure software development and life cycle: Design and implementation flaws in software components are significant factors that lead to compromised computer systems. Security must be built in from the start, and part of that involves the methodologies and testing used in the development of that software, and throughout its entire life cycle.
Zero-trust networking: The fundamental idea behind zero-trust networking is to extend provenance, authentication, integrity, and policy checking to edge devices, which provide entry to the network.

Awards

2113819

IUCRC Phase I: University of Illinois at Urbana-Champaign: Center for Infrastructure Trustworthiness in Energy Systems (CITES)

The Center for Infrastructure Trustworthiness in Energy Systems (CITES), a new Phase I IUCRC, focuses on research issues in the critical area of cyber resilience and the trustworthiness of energy systems (e.g., electric grid generation, transmission, and distribution), which have an extensive dependence on cyber technology. Composed of three University sites (University of Illinois Urbana-Champaign, University of Arkansas, and Florida International University), CITES seeks to advance research and technologies that addresses unmet and underserved industry needs to better secure energy systems. In close partnership with its members (Offices of Emergency Medical Services, energy providers, national labs, and industry associations), CITES will help secure the national defense by developing research that leads to practical means of protecting energy systems against failure within and attacks upon their cyber infrastructures. The fundamental issues addressed by CITES concern cyber resilience in the context of the specialized requirements for these “operational technology” (OT) systems, issues which include the heterogeneity of OT equipment, and integration with much more widely used informational technology (IT) equipment. The Center will focus on detecting and quickly responding to attacks on the cyber infrastructure, rapidly recovering from the impacts of successful attacks, decreasing the costs and risks of patching operational systems, and ensuring that communication between devices happens fast enough and with enough volume to support operations. CITES will also serve an important role in augmenting the nation’s workforce in OT-knowledgeable cyber-security professionals. Research methodologies include system analysis, formal methods and other mathematics, and empirical evaluation of prototypes. CITES technical contributions include knowledge creation, knowledge transfer, and empirical proofs of concept that utilize University of Illinois Urbana-Champaign (UIUC)’s specialized OT system testbed. Energy providers benefit by observing the potential for increased resilience; Equipment manufacturers benefit from proven ideas, and other stakeholders benefit from increased knowledge. CITES research at UIUC is organized around three thrusts. The first of these thrusts is understanding security - developing ways of understanding the security properties of a system, including analysis of organization and configurations, and of the data derived from the system. Research about security properties formalizes representations of systems and develops security proofs. Research in data analysis makes the task of interpreting data manageable and provides insights and understanding of system behaviors. The second thrust - security at the edge - has a focus on vulnerabilities that exist where subsystems join. The team develops means of detecting both potential and actualized flaws. The technology is tailored to the special security needs (e.g., cross-system authentication) that occur at the edge. The third thrust - useable security technologies - ensures that new security technologies do not increase the risk of the system failing and do not violate any of the system’s operating constraints. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

2113880

IUCRC Phase 1 Florida International University: Center for Infrastructure Trustworthiness in Energy Systems (CITES)

The Center for Infrastructure Trustworthiness in Energy Systems (CITES), a new Phase I IUCRC, focuses on research issues in the critical area of cyber resilience and the trustworthiness of energy systems (e.g., electric grid generation, transmission, and distribution), which have an extensive dependence on cyber technology. Composed of three University sites (University of Illinois Urbana-Champaign, University of Arkansas, and Florida International University), CITES seeks to advance research and technologies that addresses unmet and underserved industry needs to better secure energy systems. In close partnership with its members (Offices of Emergency Medical Services, energy providers, national labs, and industry associations), CITES will help secure the national defense by developing research that leads to practical means of protecting energy systems against failure within and attacks upon their cyber infrastructures. The fundamental issues addressed by CITES concern cyber resilience in the context of the specialized requirements for these “operational technology” (OT) systems, issues which include the heterogeneity of OT equipment, and integration with much more widely used informational technology (IT) equipment. The Center will focus on detecting and quickly responding to attacks on the cyber infrastructure, rapidly recovering from the impacts of successful attacks, decreasing the costs and risks of patching operational systems, and ensuring that communication between devices happens fast enough and with enough volume to support operations. CITES will also serve an important role in augmenting the nation’s workforce in OT-knowledgeable cyber-security professionals. Research methodologies include system analysis, formal methods and other mathematics, and empirical evaluation of prototypes. CITES technical contributions include knowledge creation, knowledge transfer, and practical proofs of concept that utilize Florida International University (FIU)'s specialized testbeds. Energy providers benefit by observing the potential for increased resilience; Equipment manufacturers benefit from proven ideas, and other stakeholders benefit from increased knowledge. CITES research at FIU is organized in three thrusts. The first thrust is increasing security which addresses issues related to increased energy industry use of power electronics with embedded sensors, converters, actuation, and control mechanisms through wired and wireless connections. Electric grids, electrified transportation, data centers, and Internet of Things (IoT) devices rely on trustworthy power electronics. The Center seeks to identify the best key management approaches, make the existing solutions deployable to the power grid, and adapt novel solutions that will be lightweight, have significant bandwidth, and be storage efficient. The second thrust - enhancing communications supporting energy cyber-physical systems - provides critical capabilities for securing commercial wireless networks and their interactions with energy systems equipment that operate on them. The Center utilizes a comprehensive frequency range across the 5G and satellite communications and navigation bands to enable security measures and characterization techniques that serve the growing industry and related energy systems innovations, internet of things (IoT), and navigation in support of current and future energy cyber-physical systems. The third thrust, security of electric vehicle infrastructure - solves diverse problems related to safety and security that are forced by the widespread use of electric vehicles. A broad space of research problems related to power electronics, placement, and management of charging stations supports aggregate battery power to support renewable energy. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

2113903

IUCRC Phase I: The University of Arkansas: Center for Infrastructure Trustworthiness in Energy Systems (CITES)

The Center for Infrastructure Trustworthiness in Energy Systems (CITES), a new Phase I IUCRC, focuses on research issues in the critical area of cyber resilience and the trustworthiness of energy systems (e.g., electric grid generation, transmission, and distribution), which have an extensive dependence on cyber technology. Composed of three University sites (University of Illinois Urbana-Champaign, University of Arkansas, and Florida International University), CITES seeks to advance research and technologies that addresses unmet and underserved industry needs to better secure energy systems. In close partnership with its members (Offices of Emergency Medical Services, energy providers, national labs, and industry associations), CITES will help secure the national defense by developing research that leads to practical means of protecting energy systems against failure within and attacks upon their cyber infrastructures. The fundamental issues addressed by CITES concern cyber resilience in the context of the specialized requirements for these “operational technology” (OT) systems, issues which include the heterogeneity of OT equipment, and integration with much more widely used informational technology (IT) equipment. The Center will focus on detecting and quickly responding to attacks on the cyber infrastructure, rapidly recovering from the impacts of successful attacks, decreasing the costs and risks of patching operational systems, and ensuring that communication between devices happens fast enough and with enough volume to support operations. CITES will also serve an important role in augmenting the nation’s workforce in OT-knowledgeable cyber-security professionals. Research methodologies include system design, system analysis, formal methods and other mathematics, and empirical evaluation of prototypes. CITES technical contributions include knowledge creation, knowledge transfer, and empirical proofs of concept that utilize the power system facilities at the University of Arkansas. Energy providers benefit by observing the potential for increased cybersecurity and resilience; Equipment manufacturers benefit from proven ideas and other stakeholders benefit from increased knowledge. CITES research at the University of Arkansas is organized around five thrusts: 1) Vulnerability assessment and mitigation – methods for assessing the risks of security vulnerabilities and mitigating vulnerabilities in optimal ways; 2) Artificial intelligence-based attack detection – methods for detecting attacks, incidents, and anomalies timely and effectively, leveraging recent advances in artificial intelligence; 3) Secure and resilient communications – methods to make energy system networks and communications secure against attacks and resilient against failures; 4) Supply chain security – methods for provisioning integrity, provenance, and other security properties in supply chains; and 5) Power electronic device hardening and security-by-design – reference designs and technologies for securing power electronics, such as firmware security and in-device attack detection. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria. Read More >

Member Organizations

IUCRC affiliated member organizations are displayed as submitted by the Center. Non-federal organizations are not selected, approved, or otherwise endorsed by the National Science Foundation.