Critical Energy Infrastructure Cyber Defense-in-Depth
Mr. Kevin Jordan | Resurgo, LLC
The objective of this project is to successfully demonstrate an intrusion-tolerant, cyber-secure defense-in-depth of an electrical power plant against attacks representative of Tier V/nation-state actors. This project will demonstrate to the Department of Defense (DOD) and commercial energy providers a new capability to mitigate and recover quickly from online and insider cyber activities directed against SCADA (Supervisory Control and Data Acquisition) infrastructure. The intrusion-tolerant focus of our demonstration will show how new technologies employed in a defense-in-depth configuration enable a utility grid SCADA system to “fight through” an attack without disruption of services. This combination of emerging and existing technologies will both improve current methodology and best practices and set new guidelines and techniques for capitalizing on emerging technologies and processes tested by the Defense Advanced Research Projects Agency (DARPA) and the Director, Operational Test and Evaluation (DOT&E).
This project will demonstrate a fault-tolerant, intrusion-tolerant, and cyber-aware defense-in-depth of a utility grid SCADA architecture from the SCADA Master computer to the remote terminal units (RTUs) and programmable logic controllers (PLCs) that control access to the field network endpoints. The fault- and intrusion-tolerant communications overlay is augmented with a machine-learning sensor (MLS), the Machine-learning Assisted Network Analyzer (MANA), trained to monitor SCADA information exchanges. It will maintain situational awareness of traffic behavior within the Corporate Enterprise and Operations Technology (OT) networks. The fault- and intrusion-tolerant layers are provided by the DARPA-sponsored Johns Hopkins Spire technology, consisting of a communications overlay on the SCADA network that assures reliable and timely information exchanges between the Human Machine Interface (HMI) and the RTUs and PLCs. The Spire solution also features an intrusion-tolerant replication solution that ensures system availability by presenting a diverse attack surface to an attacker. Our defense-in-depth solution also takes advantage of a DARPA R&D effort, “Automating the Training of Machine-Learning Sensors” (ATMS), to reduce the labor-intensive aspects of training machine-learning algorithms for cyber defense applications. Technology performance will be measured quantitatively by assessing how effectively a Sandia National Laboratories red team can affect the confidentiality, integrity, and availability of SCADA information exchanges in the layered defense-in-depth architecture. A NIST-compliant, but otherwise undefended, architecture will serve as a control for the experiment.
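To make the “fight through” property of intrusion-tolerant replication concrete, here is an added illustration (not Spire’s code, which uses its own Byzantine fault-tolerant protocol): the HMI polls n = 3f + 1 replicated SCADA masters and accepts a reading only when 2f + 1 of them agree, so up to f compromised or crashed replicas can neither forge a value nor block the HMI. The replica counts, breaker-state values and the poll_replicas helper are constructed for this example.

```python
from collections import Counter


def replica_count(f):
    """Replicas required to tolerate f Byzantine (arbitrarily behaving) faults."""
    return 3 * f + 1


def quorum_size(f):
    """Matching responses the HMI needs before it trusts a reported value."""
    return 2 * f + 1


def agreed_reading(responses, f):
    """responses: {replica_id: reported_value}; crashed replicas are simply absent.

    Returns the value reported by at least 2f + 1 replicas, or None when no
    value reaches that quorum (the HMI should keep its last known-good state
    and raise an alarm rather than act on a disputed reading)."""
    if len(responses) > replica_count(f):
        raise ValueError("more responses than configured replicas")
    if not responses:
        return None
    value, count = Counter(responses.values()).most_common(1)[0]
    return value if count >= quorum_size(f) else None


def poll_replicas(f, true_value, lying=(), silent=(), forged_value="OPEN"):
    """Constructed poll: replica i reports true_value unless it is in `lying`
    (compromised, reports forged_value) or in `silent` (crashed, no answer)."""
    responses = {}
    for i in range(replica_count(f)):
        if i in silent:
            continue
        responses[i] = forged_value if i in lying else true_value
    return agreed_reading(responses, f)


if __name__ == "__main__":
    # f = 1, four replicas: one compromised replica cannot hide the true breaker state
    print(poll_replicas(1, "CLOSED", lying={3}))      # CLOSED
    # f = 1: one crashed replica leaves three honest answers, still a quorum
    print(poll_replicas(1, "CLOSED", silent={0}))     # CLOSED
    # Beyond the design bound (two of four compromised): no quorum, HMI alarms
    print(poll_replicas(1, "CLOSED", lying={2, 3}))   # None
```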
An expected benefit of this project is more resilient and intrusion-tolerant power generation at critical DOD installations during cyber-attacks, with improved continuity of power and services during crises.
The proposed technologies are readily adaptable by commercial energy providers who support critical infrastructure. In addition, improvements in the ability to defend SCADA systems against Byzantine intrusion attacks could be transitioned to the Naval Facilities Engineering Command (NAVFAC), a partner in this effort, to protect Navy-operated power grids supporting critical shore-based infrastructure and operations. Cost savings would be generated as a byproduct of increased availability of services versus the dollars and lives lost to mission failure if power generation and services are disrupted. Additional cost avoidance comes from not incurring replacement costs for turbines and other power generation infrastructure components physically damaged by a cyber-attack.