Publications

8 Results

Cybersecurity Lessons Learned from Vehicle to Grid Engagement

Karch, Benjamin; Lamb, Christopher; Elliott, Keira E.; Wright, Brian J.

As the transportation industry continues to become electrified, introduction of additional digital devices within associated actions such as recharging brings additional potential for cybersecurity attacks. Devices that are designed, implemented, and operated with cybersecurity as a crucial consideration exacerbate these concerns by failing to provide strict boundaries on access to and use of the equipment. Emerging use cases such as Vehicle to Grid (V2G) charging may expand the potential physical effects of a cybersecurity attack by providing indirect access to electrical components of a building microgrid or portions of the larger power grid. This paper serves as an overview of findings and recommendations based on cybersecurity testing performed at a V2G implementation site operated by a member of the Memorandum of Understanding (MOU) to Establish the Vehicle-to-Everything (V2X) Collaboration [1]. The Department of Energy Office of Cybersecurity, Energy Security, and Emergency Response is a signatory of the MOU, and has funded this research paper and associated body of work regarding V2X cybersecurity. Sandia has a large background of previous research focused on Electric Vehicle (EV) cybersecurity, such as reference [2], which includes an overall survey of EV infrastructure cybersecurity and recommendations based on those findings. This report seeks to expand knowledge of EV cybersecurity status and needs by focusing on a specific implementation of V2G charging, and providing recommendations based on the relevant findings. This report serves as a publicly available, sanitized description of applied vulnerability testing on an operational V2G implementation. A more in-depth technical version of the report is provided to the MOU partner, but not available at the time of writing due to inclusion of proprietary information.
V2G charging comes with many research problems that must be solved before the technology can be securely implemented in sites with unrestricted public access or where cybersecurity attacks could have increased consequences, such as government offices. V2G charging requires many stakeholders such as end users, host sites, equipment vendors, and integrators, which all rely on operational safety and security as well as security and trustworthiness of any associated financial transactions.

Advanced Reactor Control Systems Authentication Methods and Recommendations

Lamb, Christopher; Karch, Benjamin; Tanaka, Minami; Valme, Romuald

In the dynamic landscape of Operational Technology (OT), and specifically the emerging landscape for Advanced Reactors, the establishment of trust between digital assets emerges as a challenge for cybersecurity modernization. This report reviews existing approaches to authentication in Enterprise environments, and proposed methods for authentication in OT, and analyzes each for its applicability to future Advanced Reactor digital networks. Principles of authentication ranging from underlying cryptographic mechanisms to trust authorities are evaluated through the lens of OT. These facets emphasize the importance of mutual authentication in real-time environments, enabling a paradigm shift from the current approach of strong boundaries to a more malleable network that allows for flexible operation. This work finds that there is a need for evaluation and decision making by industry stakeholders, but current technologies and approaches can be adapted to fit needs and risk tolerances.

APPLICATION OF SECURE ELEMENTS TO ENHANCE REAL-TIME CONTINUOUS MONITORING AND CONFIGURATION

International Conference on Nuclear Engineering, Proceedings, ICONE

Rowland, Mike; Karch, Benjamin; Maccarone, Lee

The research investigates novel techniques to enhance supply chain security via addition of configuration management controls to protect Instrumentation and Control (I&C) systems of a Nuclear Power Plant (NPP). A secure element (SE) is integrated into a proof-of-concept testbed by means of a commercially available smart card, which provides tamper resistant key storage and a cryptographic coprocessor. The secure element simplifies setup and establishment of a secure communications channel between the configuration manager and verification system and the I&C system (running OpenPLC). This secure channel can be used to provide copies of commands and configuration changes of the I&C system for analysis.

Equipment Testing Environment (ETE) Specification

Hahn, Andrew S.; Rowland, Mike; Karch, Benjamin; Bruneau, Robert; Valme, Romuald

Cyber security has been difficult to quantify from the perspective of defenders. The effort to develop a cyber-attack with some ability, function, or consequence has not been rigorously investigated in Operational Technologies. This specification defines a testing structure that allows conformal and repeatable cyber testing on equipment. The purpose of the ETE is to provide data necessary to analyze and reconstruct cyber-attack timelines, effects, and observables for training and development of Cyber Security Operation Centers. Standardizing the manner in which cyber security on equipment is investigated will allow a greater understanding of the progression of cyber attacks and potential mitigation and detection strategies in a scientifically rigorous fashion.

Equipment Testing Environment (ETE) Process Specification

Hahn, Andrew S.; Karch, Benjamin; Bruneau, Robert; Rowland, Mike; Valme, Romuald

This document is intended to be utilized with the Equipment Test Environment being developed to provide a standard process by which the ETE can be validated. The ETE is developed with the intent of establishing cyber intrusion and data collection and, through automation, providing objective goals that provide repeatability. This testing process is being developed to interface with the Technical Area V physical protection system. The document will overview the testing structure, interfaces, device and network logging and data capture. Additionally, it will cover the testing procedure, criteria and constraints necessary to properly capture data and logs and record them for experimental data capture and analysis.

Security Evaluation of Smart Cards and Secure Tokens: Benefits and Drawbacks for Reducing Supply Chain Risks of Nuclear Power Plants

Rowland, Mike; Karch, Benjamin

The supply chain attack pathway is being increasingly used by adversaries to bypass security controls and gain unauthorized access to sensitive networks and equipment (e.g., Critical Digital Assets). Cyber-attacks targeting supply chain generally aim to compromise the environments, products, or services of vendors and suppliers to inject, add, or substitute authentic software and hardware with malicious elements. These malicious elements are deemed to be authentic as they arise from the vendor or supplier (i.e., the supply chain). This research aims to leverage findings and assumptions made from the previous report to determine the security benefits and drawbacks of a smart card-based hardware root of trust. Smart cards can provide devices inside Nuclear Power Plants (NPP) with a secure environment to store keys in and perform sensitive operations such as digital signature generation. These abilities can be leveraged to increase supply chain cybersecurity by autonomously providing NPP Licensees with reports on device integrity, authenticity and measurements of executable and non-executable data.

A Review of Technologies that can Provide a 'Root of Trust' for Operational Technologies

Karch, Benjamin; Rowland, Mike

The supply chain attack pathway is being increasingly used by adversaries to bypass security controls and gain unauthorized access to sensitive networks and equipment (e.g., Critical Digital Assets). Cyber-attacks targeting supply chain generally aim to compromise the environments, products, or services of vendors and suppliers to inject, add, or substitute authentic software and hardware with malicious elements. These malicious elements are deemed to be authentic as they arise from the vendor or supplier (i.e., the supply chain). This research aims at providing a survey of technologies that have the potential to reduce exposure of sensitive networks and equipment to these attacks, thereby improving tamper resistance. The recent advances in the performance and capabilities of these technologies in recent years have increased their potential applications to reduce or mitigate exposure of the supply chain attack pathway. The focus is on providing an analysis of the benefits and disadvantages of smart cards, secure tokens, and elements to provide root of trust. This analysis provides evidence that these roots of trust can increase the technical capability of equipment and networks to authenticate changes to software and configuration, thereby increasing resilience to some supply chain attacks, such as those related to logistics and ICT channels, but not development environment attacks.
