Cyber-Security Integrity For Electric Grid Facilities Management
Dr. Daniel Quinlan | Lawrence Livermore National Laboratory
Ultimately, the main objective of this project will be to demonstrate how to mitigate the risk of a cyber-attack from software upgrades to both critical electric grid infrastructure and building automation systems. Software is increasingly being integrated into hardware devices. Most software vendors define a process that includes certificate signing; however, the software (firmware) is routinely updated without any direct validation steps to check its integrity. Software integrated into critical devices is often of unknown origin, and is assembled using libraries for which the source code is unavailable. Our demonstration will show how to mitigate risks specific to supply chain management of software embedded within critical infrastructure (both power substations and building automation systems). This project will demonstrate how to test the firmware on devices that form critical components of the electric grid infrastructure. The project will show how firmware analysis can be added to existing security assessments and best practices. This work addresses a growing problem specific to supply chain integrity for modern devices that are increasingly controlled by software on the device in place of mechanical mechanisms.
Technology has been developed within DOE for both static and dynamic analysis of software. This includes both binary executables and source code. This project has developed specific tools for the analysis of binary executables, which support a range of common instruction set architectures (ISAs). This project will demonstrate how to use these tools to define a process that will mitigate security vulnerabilities in the common maintenance steps that currently update firmware within critical device infrastructure. An increasing number of devices within both building automation and power substations combine hardware and software running directly on the hardware (firmware). Tools that can analyze such firmware, and the ability to build custom ones, have been developed. Where static analysis can identify properties of the software executables that hold for a broad range of inputs, dynamic analysis can define behavior for specific inputs, sometimes with greater precision. Thus, both technologies are essential and can be used together. Our technologies have been developed with LLNL’s ROSE software analysis framework, an open-source framework specifically supporting the development of custom analysis tools. This enables us to make tools available to both vendors and end users, thus improving future processes to make firmware on critical device infrastructure more secure for the DoD.
This project will demonstrate both a new technology and a process for applying this technology to mitigate cyber risk within the context of facility maintenance and protection within the DoD base electrical substations and building automation systems (BAS). We will define a process for the analysis of firmware upgrades to substation equipment. This will directly result in improved supply chain integrity for mission-critical energy delivery systems. We expect to tailor the process to the requirements of the facility management of electrical substations and provide the DoD with enhanced security of its base electrical facilities. This work will be replicable to all facilities that have electrical substations with similar firmware-controlled devices. The work of this project is novel because it builds missing cyber defenses to complement physical security of the DoD substation equipment.