Publications

Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.

Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.

There are now over 2.5 million Distributed Energy Resource (DER) installations connected to the U.S. power system. These installations represent a major portion of American electricity critical infrastructure and a cyberattack on these assets in aggregate would significantly affect grid operations. Virtualized Operational Technology (OT) equipment has been shown to provide practitioners with situational awareness and better understanding of adversary tactics, techniques, and procedures (TTPs). Deploying synthetic DER devices as honeypots and canaries would open new avenues of operational defense, threat intelligence gathering, and empower DER owners and operators with new cyber-defense mechanisms against the growing intensity and sophistication of cyberattacks on OT systems. Well-designed DER canary field deployments would deceive adversaries and provide early-warning notifications of adversary presence and malicious activities on OT networks. In this report, we present progress to design a high-fidelity DER honeypot/canary prototype in a late-start Laboratory Directed Research and Development (LDRD) project.

Superstorm Sandy caused a major disruption to passenger-rail and other commuter systems throughout New York and New Jersey. To address this issue, New Jersey Transit (NJT) established the NJ TRANSITGRID project, an effort designed to power bus, ferry, and limited passenger-rail service during natural or man-made disasters. Given the importance of these transportation systems, NJT partnered with Sandia National Laboratories (Sandia) to assess the cyber-resilience of the information systems that monitor and control the electrical systems within the microgrid. The Sandia “tabletop” assessment is based on the most recent 20% design packages. From this assessment, the Sandia team identified several security areas that were undefined or did not implement industry best practices. Finally, the Sandia team presented possible follow-on assessment activities and recommended investigating multiple hardening technologies. Addressing these findings and adding state-of-the-art detection and mitigation technologies will help ensure the NJ TRANSITGRID is built with more comprehensive cyber-resilience features.

Abstract not provided.