As the U.S. electrifies the transportation sector, cyberattacks targeting vehicle charging could impact several critical infrastructure sectors including power systems, manufacturing, medical services, and agriculture. This is a growing area of concern as charging stations increase power delivery capabilities and must communicate to authorize charging, sequence the charging process, and manage load (grid operators, vehicles, OEM vendors, charging network operators, etc.). The research challenges are numerous and complicated because there are many end users, stakeholders, and software and equipment vendors interests involved. Poorly implemented electric vehicle supply equipment (EVSE), electric vehicle (EV), or grid operator communication systems could be a significant risk to EV adoption because the political, social, and financial impact of cyberattacks — or public perception of such — would ripple across the industry and produce lasting effects. Unfortunately, there is currently no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. There is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured inter faces. Comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project provided the power, security, and automotive industry with a strong technical basis for securing this infrastructure by developing threat models, determining technology gaps, and identifying or developing effective countermeasures. Specifically, the team created a cybersecurity threat model and performed a technical risk assessment of EVSE assets across multiple manufacturers and vendors, so that automotive, charging, and utility stakeholders could better protect customers, vehicles, and power systems in the face of new cyber threats.
Superstorm Sandy caused a major disruption to passenger-rail and other commuter systems throughout New York and New Jersey. To address this issue, New Jersey Transit (NJT) established the NJ TRANSITGRID project, an effort designed to power bus, ferry, and limited passenger-rail service during natural or man-made disasters. Given the importance of these transportation systems, NJT partnered with Sandia National Laboratories (Sandia) to assess the cyber-resilience of the information systems that monitor and control the electrical systems within the microgrid. The Sandia “tabletop” assessment is based on the most recent 20% design packages. From this assessment, the Sandia team identified several security areas that were undefined or did not implement industry best practices. Finally, the Sandia team presented possible follow-on assessment activities and recommended investigating multiple hardening technologies. Addressing these findings and adding state-of-the-art detection and mitigation technologies will help ensure the NJ TRANSITGRID is built with more comprehensive cyber-resilience features.
International nuclear safeguards are technical measures implemented by the International Atomic Energy Agency (IAEA) to verify the correctness and completeness of declarations made by States about their nuclear activities. The systems used to verify such activities include electronic and digital hardware and software components capable of data collection, processing, analysis, storage and transmission. Despite increasing efforts to protect digital systems against unauthorized access or attack through cybersecurity measures, these systems are not immune to cyber exploitation that could compromise their integrity or reliability. Previous versions of these systems did not include capabilities that exist today, such as BluetoothTM and GPS. The inclusion of these new capabilities, as well as new data processing and storage mechanisms, adds new attack vectors and opportunities for adversaries to exploit the devices that did not previously exist. As mentioned in the above referenced Cybersecurity for Safeguards study, cyber-domain vulnerabilities present risks to the equipment used to perform the international nuclear safeguards mission. The IAEA has produced guidance on the protection of nuclear facilities and their computer systems against cyber threats, but these documents do not specifically address the risks to safeguards or safeguards equipment. In response, the U.S. Department of Energy National Nuclear Security Administration (DOE/NNSA) Office of International Nuclear Safeguards/Safeguards Technology Development (NA-241) sponsored Sandia National Laboratories (Sandia, SNL) and the Idaho National Laboratory (Idaho, INL) to conduct a one-year study to evaluate cyber related vulnerabilities in safeguards equipment and develop recommendations for the mitigation of any identified risks.
The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.
Within large organizations, the defense of cyber assets generally involves the use of various mechanisms, such as intrusion detection systems, to alert cyber security personnel to suspicious network activity. Resulting alerts are reviewed by the organization's cyber security personnel to investigate and assess the threat and initiate appropriate actions to defend the organization's network assets. While automated software routines are essential to cope with the massive volumes of data transmitted across data networks, the ultimate success of an organization's efforts to resist adversarial attacks upon their cyber assets relies on the effectiveness of individuals and teams. This paper reports research to understand the factors that impact the effectiveness of Cyber Security Incidence Response Teams (CSIRTs). Specifically, a simulation is described that captures the workflow within a CSIRT. The simulation is then demonstrated in a study comparing the differential response time to threats that vary with respect to key characteristics (attack trajectory, targeted asset and perpetrator). It is shown that the results of the simulation correlate with data from the actual incident response times of a professional CSIRT.
This report summarizes research conducted through the Sandia National Laboratories Enhanced Training for Cyber Situational Awareness in Red Versus Blue Team Exercises Laboratory Directed Research and Development project. The objective of this project was to advance scientific understanding concerning how to best structure training for cyber defenders. Two modes of training were considered. The baseline training condition (Tool-Based training) was based on current practices where classroom instruction focuses on the functions of a software tool with various exercises in which students apply those functions. In the second training condition (Narrative-Based training), classroom instruction addressed software functions, but in the context of adversary tactics and techniques. It was hypothesized that students receiving narrative-based training would gain a deeper conceptual understanding of the software tools and this would be reflected in better performance within a red versus blue team exercise.