DARPA Research Leads Grid Security Solutions

DARPA is seeking systems to localize and characterize malicious software that has penetrated critical utility systems.

The U.S. electric grid is vulnerable to a cyber-attack that, if successful, could take electricity offline. Protecting against cyber threats requires staying ahead of technology, maintaining transparency and sharing information. The Defense Advanced Research Projects Agency (DARPA) is one government organization that has awarded several contracts to develop emerging technologies. These innovations could then be used to prevent and respond to cyber-attacks. Since DARPA is responsible for some of the world's most significant scientific and technological breakthroughs, it is crucial that President-elect Donald Trump funds the agency's efforts. These public-private partnerships demonstrate why it is essential that the government and private sector work together to protect against such threats.

DARPA is seeking proposals to detect cyber-attacks on the U.S. electric grid early, and to reduce the time required to restore electricity in the event of a successful attack. According to John Everett, DARPA program manager, if a cyber-attack on the nation's power grid were to occur today, the time it would take to restore power would pose national security challenges such as hindering military mobilization and impeding force projection.

DARPA has created a four-year program in which automated systems would help restore power if a successful cyber-attack made electricity unavailable. The program to develop these technologies is called Rapid Attack Detection, Isolation and Characterization Systems (RADICS). Innovations developed under RADICS could be shared with other partners such as Cyber Command, the Industrial Control Systems Cyber Emergency Response Team, National Guard Cyber Protection Units, the Army Corps of Engineers and commercial cybersecurity firms to boost protection of the U.S. electric grid.

One of the most concerning aspects of cyber security is the threat to industrial control systems, which run on code and are programmable. Industrial control computers provide remote control of machinery (opening and shutting water pipes, regulating the flow of gas, managing the production of chemicals, running data centers, powering plant turbines and commuter trains) by collecting data from electronic sensors and sending the information to users on their desktop computers. Remote control of such equipment has allowed the private sector to save money by reducing the number of workers in the field. Siemens, a leader in the automation industry, has noted that remote control devices are important to international competitiveness.

Industrial control systems were initially built on an infrastructure isolated from cyber threats, but this changed over the past two decades as information technologies and industrial control systems converged. Because industrial control systems are now linked to other systems, they are exposed to cyber vulnerabilities through Internet connections. In fact, Shodan, a search engine that reveals Internet-reachable industrial control computers, shows how some are open to exploitation by moderately skilled attackers. The most powerful industrial control architecture is supervisory control and data acquisition (SCADA). If SCADA systems in particular were compromised by a cyber-attack, significant physical consequences could result.

An early warning capability could prevent a cyber-attack or minimize its damage to industrial control systems and other equipment. Because the U.S. electric grid is so large, it may be difficult to differentiate a routine power outage from an actual cyber-attack, since a number of systems are likely to be in an abnormal state at any given time. RADICS aims to develop advanced anomaly-detection systems with high sensitivity and low false-positive rates to make that distinction.
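The distinction described above, a single abnormal substation versus several deviating together, is the kind of signal a grid anomaly detector has to separate from normal noise. The following is an added illustration written for this page, not DARPA, RADICS or Vencore Labs code: it learns a frequency baseline from constructed known-good telemetry, flags readings that deviate beyond three standard deviations, labels each time window as normal, local or coordinated, and scores itself for sensitivity and false-positive rate against constructed ground truth. The substation names, the 60 Hz nominal frequency and the "three or more substations" escalation threshold are assumptions chosen for the example.

```python
"""Added example (not DARPA/RADICS code): a toy anomaly detector over
constructed grid-frequency telemetry that separates a single-substation
event from a coordinated multi-substation deviation, then measures its own
sensitivity and false-positive rate."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline telemetry: (window, substation, frequency_hz), all known-good.
# Assumption: four substations A-D reporting 60 Hz nominal with small jitter.
BASELINE = [
    (0, "A", 60.00), (0, "B", 60.01), (0, "C", 59.99), (0, "D", 60.00),
    (1, "A", 60.01), (1, "B", 59.99), (1, "C", 60.00), (1, "D", 60.00),
    (2, "A", 59.99), (2, "B", 60.01), (2, "C", 60.00), (2, "D", 60.00),
    (3, "A", 60.01), (3, "B", 59.99), (3, "C", 60.00), (3, "D", 60.00),
]

# Constructed evaluation telemetry. Window 4: one substation sags (a routine
# local fault). Window 5: three substations sag together (the coordinated
# pattern a defender would escalate). Window 6: quiet. Window 7: one noisy
# but benign reading, included to show how a false positive arises.
EVAL = [
    (4, "A", 59.70), (4, "B", 60.00), (4, "C", 60.01), (4, "D", 59.99),
    (5, "A", 59.80), (5, "B", 59.82), (5, "C", 59.78), (5, "D", 60.00),
    (6, "A", 60.00), (6, "B", 60.00), (6, "C", 59.99), (6, "D", 60.01),
    (7, "A", 60.00), (7, "B", 60.03), (7, "C", 60.00), (7, "D", 60.00),
]

# Constructed ground truth: the (window, substation) readings that are truly abnormal.
TRUTH = {(4, "A"), (5, "A"), (5, "B"), (5, "C")}


def fit_baseline(readings):
    """Learn the mean and population standard deviation of frequency from known-good windows."""
    freqs = [f for _, _, f in readings]
    return mean(freqs), pstdev(freqs)


def is_anomalous(freq, baseline, k=3.0):
    """Flag a reading whose deviation from the baseline mean exceeds k standard deviations."""
    mu, sigma = baseline
    return abs(freq - mu) > k * sigma


def classify_windows(readings, baseline, coordinated_min=3):
    """Count anomalous substations per time window and label the window:
    'normal', 'local_anomaly' (fewer than coordinated_min substations, consistent
    with a routine outage) or 'coordinated_anomaly' (coordinated_min or more)."""
    counts = defaultdict(int)
    windows = set()
    for window, _, freq in readings:
        windows.add(window)
        if is_anomalous(freq, baseline):
            counts[window] += 1
    labels = {}
    for w in sorted(windows):
        if counts[w] >= coordinated_min:
            labels[w] = "coordinated_anomaly"
        elif counts[w] > 0:
            labels[w] = "local_anomaly"
        else:
            labels[w] = "normal"
    return labels


def detection_rates(readings, truth, baseline):
    """Score the detector at reading level:
    sensitivity = TP / (TP + FN), false-positive rate = FP / (FP + TN)."""
    tp = fp = fn = tn = 0
    for window, sub, freq in readings:
        flagged = is_anomalous(freq, baseline)
        truly = (window, sub) in truth
        if flagged and truly:
            tp += 1
        elif flagged and not truly:
            fp += 1
        elif not flagged and truly:
            fn += 1
        else:
            tn += 1
    return tp / (tp + fn), fp / (fp + tn)


if __name__ == "__main__":
    base = fit_baseline(BASELINE)
    for window, label in classify_windows(EVAL, base).items():
        print(f"window {window}: {label}")
    sens, fpr = detection_rates(EVAL, TRUTH, base)
    print(f"sensitivity={sens:.2f} false_positive_rate={fpr:.3f}")
```

Window 4 comes out as a local anomaly and window 5 as a coordinated one, which is the separation the paragraph calls for; window 7 shows the cost of a tight threshold, since one benign 60.03 Hz reading is flagged and raises the false-positive rate to 1/12 while sensitivity stays at 1.0. In practice the baseline would be fitted per substation and per season, and the escalation rule would also consider electrical adjacency, since three neighbouring substations sagging together can be one ordinary fault.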

DARPA awarded Vencore Labs, Inc. contracts to develop such a system, one that continuously runs anomaly-detection algorithms to provide early warning, spoofing detection and situational awareness. The agency has also awarded Raytheon a contract to create products that warn of possible cyber-attacks and identify power grid data-collection and communication issues. In addition, under the DARPA power grid cybersecurity program, collaborators at the University of California, Berkeley, and Lawrence Berkeley National Laboratory have produced sensors that look out for irregularities in the physical behavior of the grid and boost situational awareness to protect against a cyber-attack.

DARPA is also seeking systems to localize and characterize malicious software that has penetrated critical utility systems. Vencore Labs is developing such a system, which will also be able to map industrial control systems, gather and analyze configuration data, determine which devices are behaving incorrectly, and characterize malware to support restart operations. This capability could boost the abilities of cyber first responders and assist utility engineers in restoring power rapidly and safely.

Because early detection of cyber threats is difficult to achieve, situational awareness after an attack or threat is also needed. After a cyber incident, systems connected to the Internet must be isolated and may even need to be shut down because the attack could spread. RADICS therefore aims to provide a secure emergency network that connects power suppliers after a cyber-attack. Raytheon will review processes for emergency communication networks to help important organizations connect rapidly in such a situation. An emergency network would be useful where Internet infrastructure is not working after a cyber-attack, or where attackers have embedded malicious code in the information technology systems of utilities during the attack.