Cybersecurity is serious business, but process industry users often have a hard time identifying and preventing probes, intrusions and attacks due to constantly evolving threats, lack of security expertise and steep learning curves. To give these and other manufacturers some much-needed aid on the cybersecurity front, Idaho National Laboratory (INL) has been rapidly ramping up its efforts, educational resources, alert programs and tools, which can all help users in all industries evaluate their individual security risks and learn how to protect themselves and their facilities.
"We've worked with Yokogawa and other process automation and control suppliers on addressing cybersecurity, but now we're focusing even more closely on forming partnerships that can help bring better cybersecurity to their user communities," said Zachary Tudor, deputy associate laboratory director for the National and Homeland Security division at Idaho National Laboratory. "Our partnerships with governments, industries and academia can make a huge impact on our nation’s security. These partnerships and collaboration are essential for the continued security of our critical infrastructure."
Tudor presented "Partnering for Impact: INL's Approach to Critical Infrastructure Protection" this week at the 2016 Yokogawa Users Conference and Exhibition in Orlando.
National security resources
As one of the U.S. Dept. of Energy's 17 national laboratories or "capability engines," INL is uniquely positioned to lead the way on industrial control system (ICS) security. "INL leads on cybersecurity mainly because of its 40 years of expertise in conducting testing of the nation's nuclear power infrastructure,” explained Tudor. “As a result, we've learned that cybersecurity isn't just the security guy's concern—it's the job of everyone in operations, maintenance and elsewhere in each plant and process facility."
Tudor added that INL resembles a well-characterized, reconfigurable city/region where energy and security questions can be addressed at scale. The 890-square-mile INL site presently includes 111 miles of electrical transmission and distribution lines, 579 buildings, three fire stations, three reactors, nuclear and radiological facilities, two spent fuel pools, 300 metric tons of used fuel, classified spaces, explosive range and landfills. Its national security profile and capabilities include:
- Electric grid test beds for evaluating commercial feeds and testing loops and spurs;
- Water security test beds for examining municipal water/wastewater systems;
- Radiological ranges and first-responder training;
- Specific manufacturing for products such as 100% zero-defects armor made from depleted uranium for Abrams tanks;
- National security test range for conducting vulnerability assessments;
- Nuclear materials R&D center, which performs electro-refining and testing;
- Research and education campus, which includes the U.S. Dept. of Homeland Security's ICS Cyber Emergency Response Team (ICS-CERT) and Energy Security Labs;
- Integrated testing across multidisciplinary areas, such as radiological, physical security, explosive, power, controls and cybersecurity;
- Access to the full range of support services, including linemen, engineers, radiological technicians, firefighters and security forces; and,
- Ability to develop prototypes and manufacturing processes.
"INL has a lot of space and isolation, so it has safe testing sites that can check for vulnerabilities by testing to destruction large equipment like generators," explained Tudor. "Identifying vulnerabilities in critical U.S. infrastructure leads to ways to mitigate them." Likewise, INL and ICS-CERT identify, analyze, test and recommend responses to cybersecurity vulnerabilities in the U.S. power grid and other industries, and suggest new approaches and designs to help make the nation's critical infrastructure more resilient.
In general, ICS-CERT's mission is to provide focused operational capabilities for defense of control system environments against emerging cyber threats. ICS-CERT also hosts red team/blue team-style advanced training exercises in a 42-student classroom and lab that includes an integrated substation and chemical plant. Its four primary activities are:
- Providing situational awareness in the form of actionable intelligence;
- Conducting vulnerability and malware analysis;
- Responding to and analyzing incidents related to control systems; and,
- Partnering with federal, international and private sectors to secure systems.
Collaboration and pilot projects
Because of their ramped-up focus on cybersecurity, INL and ICS-CERT have undertaken a variety of cooperative projects with industrial and municipal users and organizations. Some of these include:
- Consequence-driven, cyber-informed engineering (CCE), which is developing an end-to-end approach to integrate risk management, inform engineering designs with cybersecurity, and close the gap on attackers by hardening devices, and detecting and disrupting threat actor information;
- Machine-to-machine automated threat response, which enables more resilient control system devices via pre-programmed responses to detect illicit behavior and machine-speed remediation, and mitigate exploits before there's an impact;
- Embedded systems and wireless communication links to secure automotive technologies by assessing their vulnerability exposure such as wireless links and unique embedded protocols, and identifying innovative mitigations and future design changes;
- Smart device integration onto the grid, which helps vendors design cybersecurity into electric vehicle power supply equipment prior to commercialization, understand larger energy grid impacts, and establish metrics for communication performance for reliable smart devices in distribution grids;
- Wireless spectrum communication, which consists of developing an innovative waveform for reliable dynamic spectrum allocation with frequency agility, jam resistance and critical controls operating below the noise floor, as well as integrating secure encryption based on the physics of the communications;
- Cooperating with California Energy Systems for the 21st Century (CES-21) to develop automated response capabilities to protect critical California infrastructure against cyber-attacks with automated, machine-to-machine communications to assess key indicators and develop appropriate responses;
- Grid Security Exercise 2015 (GridEx III) with the North American Electric Reliability Corp. and the Electricity Information Sharing and Analysis Center (E-ISAC) to execute the electricity sector’s crisis response to simulated, coordinated cybersecurity and physical security threats and incidents, strengthen utilities’ crisis response functions, and provide input for lessons learned; and,
- Integrated Joint Cybersecurity Coordination Center (iJC3) cyber-physical security program to help DoE's labs assess and secure their own unique control system assets, develop best practices and protections, and monitor recommendations to address highest-consequence, cyber-physical risks.
"CCE, in particular, is important because while we look at control architectures for vulnerabilities and ways to patch them, this is also an older approach," said Tudor. "As a result, we're also examining the consequences we're trying to avoid, and then considering architectural changes to avoid those consequences. This will let us find vulnerabilities more effectively, and avoid more of them in the first place. We're no longer simply looking at operations, and adding security afterwards. This is why sharing information on cybersecurity—including machine-to-machine at millisecond speeds—as well as establishing networks of trust, and maintaining partnerships are key to cybersecurity."