Evaluating Effectiveness of an Embedded System Endpoint Security Technology on EDS OT: Defeating the Hackers of IIoT Devices

Activity Leads: 
Industry Collaborators: 
  • Siemens, Smart Transportation Group
  • Schneider Electric, Security Group
  • NRECA, IIoT EDS Data Collection & Analytics
Summary Statement: 

Industrial control systems have been shown to be vulnerable to cyberattacks, as seen in high-profile attacks such as Stuxnet (Zetter 2014). Multiple security approaches have proven ineffective for IIoT EDS devices, for several reasons. One is that antivirus programs need to house gigabytes of data and malware memory signatures; given the low memory and low processing power of these devices, it is impossible to run such solutions on them. This research aims to study an embedded endpoint security technology that was originally designed for the unique requirements of enterprise IoT devices and to customize it for EDS.

To implement this research, we plan to collaborate with NRECA, which has established a solution for collecting and analyzing IIoT EDS data. The proposed agenda is entirely complementary to that work: we aim to focus on the ability to securely deliver changes to the endpoint and then actually make them without impacting operations. Our endpoint security mechanism can provide updates based on the recommendations from NRECA’s system (other data gathering approaches may be used as needed).

Energy Delivery System (EDS) Gap Analysis: 

Current IIoT EDS security solutions are inadequate and do not meet the requirements set in the Energy Delivery Systems Cybersecurity roadmap. Specifically, current solutions do not address the unique nature of IIoT networks.

While some current solutions claim to be ‘secure’, they each have known flaws. Adding application-level security improves protection, but the system remains susceptible to attacks that distort control signals and to timing-based attacks. Similarly, network listening via packet sniffing fails to protect against message tampering upstream on the network. Virtual machines and system-on-chip solutions are also hindered by performance issues and scalability problems, respectively.

Other DOE-funded security research programs, such as NRECA’s work, initially focus on data collection and analytics for IIoT EDS. Complementary to these solutions, we allow for command and control over the endpoint to securely deliver and implement security updates.

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
This study is intended to address the roadmap area: Develop and Implement New Protective Measures to Reduce Risk. The technology to be developed will include a lightweight agent that could fit on the endpoint of an EDS. The agent will have command and control capabilities that will act in parallel to the EDS firmware so that security updates to the OS environment can be applied without affecting operations.

Status of Activity: 
Active