Advanced Networking for Reliable Energy Delivery Systems
- Duke Energy
This activity is split into two distinct yet related projects. Software-defined networking (SDN) can help improve the security of networks in energy delivery systems (EDS): SDN provides a global view of the network and mechanisms to manage flows as a whole, instead of handling individual packets at each router or switch. This enables the creation and management of carefully pre-engineered paths for packet flows in control networks, as is being demonstrated in a related SDN project in collaboration with SEL. However, there are concerns about network consistency during updates induced by security incidents (e.g., redirecting flows around areas of a network thought to be compromised or under DDoS attack). Further, SDNs still do not support the end-to-end real-time quality of service (QoS) needed to ensure on-time delivery of real-time messaging. Existing real-time QoS mechanisms in the literature do not have the manageability that SDNs bring. In current practice, reliable and timely delivery of critical control packets is mostly achieved through over-provisioning.
In this activity, we aim to design and develop dynamic real-time QoS mechanisms for EDS control networks that use SDN. To that end, we will develop mechanisms, algorithms and protocols for achieving QoS with real-time (i.e., end-to-end delay) guarantees and prioritization. We will also investigate how to maintain isolation guarantees, especially between critical and non-critical flows, during changes in the network (disruptions, failures, configuration changes, etc.). These guarantees are essential for network resiliency, where non-critical connectivity services degrade gracefully in the face of security disruptions while the network continues to provide essential functions throughout the security incident.
Energy delivery systems lack guarantees for critical flows, both end-to-end timeliness guarantees and guarantees that network flows remain consistent when the system needs to be updated. This can impede critical operations. Without such guarantees, the system may be vulnerable to multiple problems, for instance (a) denial-of-service attacks by an adversary, (b) sudden increases in debug/engineering flows (say, due to failures or even adversarial activity), etc. As mentioned earlier, software-defined networks (SDNs) have unique properties that can help address such problems (global visibility into the network, for instance). Current SDN offerings, though, do not yet have this functionality. For instance, there is a lack of research on time-critical flows for EDS using SDNs. This research effort intends to fill this gap.
How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This work will help develop and implement new protective measures to reduce risk by ensuring that the timeliness of critical flows in EDS cannot be impacted by other flows or adversaries.
- Dependable End-to-End Delay Constraints for EDS Control Networks using SDNs (2017 Industry Workshop)