Increasing Cyber-Resilience of Large-Scale and Long-Lived Energy Delivery Infrastructure (EDI)

Industry Collaborators: 
  • Dover Energy Automation
  • General Electric
  • Waterfall Security
  • Automatak 
  • Currently seeking collaborators. If interested, contact Sean W. Smith.
Summary Statement: 

In the current state of the art and practice, embedded systems are rife with security holes, with 0-days and forever-days. At larger scales in space, pushing patches to these boxes will be complicated; at larger scales in time, the cryptography and the enterprise management of these boxes (that is: the boxes may outlive their vendors) may break.

To help fix this problem, we are doing three things:

  • Prevention: Building tools to help prevent 0-days and forever-days in the first place (e.g., hardened parsers)
  • Mitigation: Building tools to help mitigate 0-days and forever-days discovered later (e.g., verifiable protocol filters and interface snap-ins)
  • Evaluation: Building simulation tools to evaluate how effective such tools will be when scaled up to long-lived EDI. (E.g., what approach makes the biggest improvement? For security, can N firewalls do almost as well as 100N verifiable devices?)
Energy Delivery System (EDS) Gap Analysis: 

In EDI (e.g., smart grid) and elsewhere, we’re seeing computational infrastructure transform into networks of devices distributed massively along almost any axis imaginable. The “penetrate and patch” paradigm that has managed to keep traditional computers somewhat secure will no longer work when devices become too long-lived, too cheap, too invisible, and too many. As the energy sector deploys large numbers of low-powered embedded devices at the very edges of its networks, the attack surface increases—as do the consequences of an attack.

Will all these new interfaces be free of 0-days? If so, how will this new world be different from the old?  If not, how can the industry manage and mitigate the risks posed by these increased numbers and increased exposure of computational devices?

Our research addresses prevention and mitigation of 0-day and forever-day vulnerabilities through tools such as hardened parsers and verifiable protocol filters, and provides tools to evaluate the effectiveness of the approach.
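To make the two mitigation ideas above concrete, here is an added example (not code from this project or its collaborators) of a hardened parser paired with a protocol filter. The frame layout, the checksum, and the function-code allow-list are all constructed for illustration and do not correspond to any real EDI protocol; the point is the shape of the defence: every field is bounds-checked before it is read, the declared length is validated against both a fixed maximum and the bytes actually received, and only frames whose function code is on an explicit allow-list are passed on.

```c
/* Added example (not the project's code). Constructed frame layout:
 *   byte 0-1 : sync  0xA5 0x5A
 *   byte 2   : len   payload length (0..MAX_PAYLOAD)
 *   byte 3   : fc    function code
 *   byte 4.. : payload (len bytes)
 *   next 2   : big-endian 16-bit additive checksum over bytes 0..(3+len)
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define MAX_PAYLOAD 16
#define HDR_LEN 4
#define TRAILER_LEN 2

typedef enum {
    FRAME_OK = 0,
    FRAME_TOO_SHORT,     /* fewer bytes than a minimal frame */
    FRAME_BAD_SYNC,
    FRAME_BAD_LENGTH,    /* declared len exceeds MAX_PAYLOAD or the buffer */
    FRAME_BAD_CHECKSUM,
    FRAME_FC_DENIED      /* parsed fine, but the filter refuses it */
} frame_status;

typedef struct { uint8_t fc; uint8_t len; uint8_t payload[MAX_PAYLOAD]; } frame;

/* Constructed 16-bit additive checksum over n bytes. */
static uint16_t sum16(const uint8_t *p, size_t n) {
    uint16_t s = 0;
    for (size_t i = 0; i < n; i++) s = (uint16_t)(s + p[i]);
    return s;
}

/* Hardened parser: no byte is read until the buffer is known to hold it,
 * and the payload is copied only after len has been validated twice. */
frame_status parse_frame(const uint8_t *buf, size_t n, frame *out) {
    if (n < HDR_LEN + TRAILER_LEN) return FRAME_TOO_SHORT;
    if (buf[0] != 0xA5 || buf[1] != 0x5A) return FRAME_BAD_SYNC;
    uint8_t len = buf[2];
    if (len > MAX_PAYLOAD) return FRAME_BAD_LENGTH;
    if (n < (size_t)HDR_LEN + len + TRAILER_LEN) return FRAME_BAD_LENGTH;
    uint16_t want = (uint16_t)((buf[HDR_LEN + len] << 8) | buf[HDR_LEN + len + 1]);
    if (sum16(buf, HDR_LEN + len) != want) return FRAME_BAD_CHECKSUM;
    out->fc = buf[3];
    out->len = len;
    memcpy(out->payload, buf + HDR_LEN, len);
    return FRAME_OK;
}

/* Protocol filter: fixed allow-list of function codes this device role
 * should ever receive (constructed values). Anything else is dropped. */
static const uint8_t allowed_fc[] = { 0x01 /* READ */, 0x02 /* WRITE */ };

int fc_allowed(uint8_t fc) {
    for (size_t i = 0; i < sizeof allowed_fc; i++)
        if (allowed_fc[i] == fc) return 1;
    return 0;
}

frame_status filter_frame(const uint8_t *buf, size_t n, frame *out) {
    frame_status st = parse_frame(buf, n, out);
    if (st != FRAME_OK) return st;
    return fc_allowed(out->fc) ? FRAME_OK : FRAME_FC_DENIED;
}

/* Build a well-formed frame (used only to construct sample input). */
size_t build_frame(uint8_t *dst, size_t cap, uint8_t fc, const uint8_t *pl, uint8_t len) {
    size_t total = HDR_LEN + len + TRAILER_LEN;
    if (len > MAX_PAYLOAD || cap < total) return 0;
    dst[0] = 0xA5; dst[1] = 0x5A; dst[2] = len; dst[3] = fc;
    memcpy(dst + HDR_LEN, pl, len);
    uint16_t s = sum16(dst, HDR_LEN + len);
    dst[HDR_LEN + len] = (uint8_t)(s >> 8);
    dst[HDR_LEN + len + 1] = (uint8_t)(s & 0xFF);
    return total;
}

/* One scenario: a valid frame with function code fc, an optional tamper
 * applied to it, and the filter's verdict returned for checking. */
frame_status run_case(uint8_t fc, int tamper) {
    uint8_t buf[64], pl[4] = { 1, 2, 3, 4 };
    frame f;
    size_t n = build_frame(buf, sizeof buf, fc, pl, 4);
    switch (tamper) {
    case 1: buf[2] = 200; break;   /* declared length beyond MAX_PAYLOAD */
    case 2: buf[5] ^= 0xFF; break; /* corrupt a payload byte: checksum fails */
    case 3: n = 3; break;          /* only part of the header arrived */
    case 4: buf[2] = 5; break;     /* len within max but beyond received bytes */
    default: break;
    }
    return filter_frame(buf, n, &f);
}

int main(void) {
    printf("valid READ     -> %d\n", run_case(0x01, 0)); /* FRAME_OK */
    printf("unknown fc     -> %d\n", run_case(0x7F, 0)); /* FRAME_FC_DENIED */
    printf("oversized len  -> %d\n", run_case(0x01, 1)); /* FRAME_BAD_LENGTH */
    printf("bad checksum   -> %d\n", run_case(0x01, 2)); /* FRAME_BAD_CHECKSUM */
    return 0;
}
```

The design choice worth noting is that the parser rejects a frame before any dependent read, so a malicious length field can never steer `memcpy` past the receive buffer, and the filter runs after the parser so that allow-list decisions are made on validated fields rather than on raw wire bytes.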

Reference the research activity fact sheet (PDF) for an extended gap analysis and bibliography.

How does this research activity address the Roadmap to Achieve Energy Delivery Systems Cybersecurity?
The activity addresses several of the Roadmap strategies.

  • Build a Culture of Security. We seek to carefully analyze current coding practices and protocol standards in order to identify fundamental sources of vulnerabilities—and promulgate new methods to reduce or eliminate them.
  • Assess and Monitor Risk. Evaluating the effectiveness of mitigation strategies requires modeling the attack risk (and potential damage) in current infrastructure.
  • Develop and Implement New Protective Measures to Reduce Risk. Our research squarely addresses these concerns: how to reduce the prevalence of 0-days in EDS, and how to manage and mitigate the ones that show up anyway.
  • Manage Incidents. We seek to understand how the deployed interfaces, protocols, and coding practices enable attack incidents to happen—in order to engineer future systems to be resilient.
Status of Activity: