Firmware used in the control and monitoring of the U.S. electric grid and Building Automation Systems (BASs) are rarely, if ever, analyzed by end-users for potential vulnerabilities prior to being deployed. This is of concern to Department of Defense (DoD) Energy and Water (E&W) operations who maintain many such control systems and BASs. Should a firmware vulnerability in a control system be exploited, it could lead to disastrous consequences such as failure of systems, destruction of equipment, and potential compromise of DoD base infrastructure.
This project successfully developed and demonstrated a suite of automated tools for the analysis of binary executables to identify potential vulnerabilities prior to deployment within electric control systems at DoD base facilities.
The suite of tools consists of a set of five Binary Analysis Tools (BATs). These tools leverage the ROSE infrastructure developed over the last 20 years at Lawrence Livermore National Laboratory. Each BAT analyzes a binary for the potential presence of specific cyber vulnerabilities. They were designed for three different user-types to perform actions based on the BAT analysis output. These user-types include:
The BAT tool suite was demonstrated at the Army Research Laboratory and at Elmendorf Air Force Base. The demonstrations illustrated how each BAT functions, the outputs they produce and how each of the three user-types could leverage the tools in their respective environments. The concept of potentially escalating a firmware analysis question to the responsible vendor was met with understanding and agreement. As most sites will not have advanced binary analysis expertise it was agreed that the firmware vendor should be responsible for explanation of any anomalies encountered in the analysis.
The cost model for the BAT tool suite addresses the requirements to support firmware analysis at individual DoD sites. Since the software is made available to DoD at no cost, the BAT tool computer platform and end-user training will dominate implementation cost. The cost model includes a conventional desktop computer, installation, and ongoing system administration.
The introduction of the usage of the BAT technology also introduces the need for added time for a Power Engineer to apply firmware updates. This added time comes from the need for a Power Engineer to first use the BAT technology to analyze the firmware update before applying it, and if necessary, the time needed for an additional Protection Engineer to review the findings of the BAT analysis. Because cyber-risk mitigation is often only noticeable when a system fails due to cyber-intrusion, using the BAT technology may seem like an unnecessary step to firmware upgrades.
Several publications were produced during this project: