Dual approach designed to provide cybersecurity for utilities infrastructure
- DARPA developing advanced tech to protect US power grid against cyber attack
The Pentagon’s Defense Advanced Research Projects Agency, better known as DARPA, has awarded Raytheon BBN Technologies, a wholly owned subsidiary of Raytheon Company, multiple contracts to research and develop technologies that will detect and respond to cyber attacks on the U.S. power grid infrastructure. The contracts, which total $9 million, were awarded under DARPA’s Rapid Attack Detection, Isolation and Characterization Systems program.
“During the last two decades, industrial control systems have evolved so that most are now connected to the Internet, making them vulnerable to cyber attack,” said Jason Redi, vice president for the Raytheon BBN Technologies Networking and Communications unit. “A significant power disruption would have profound economic and human costs in the U.S, so our goals are to prevent attacks and to reduce the time required to restore power after an attack.”
Raytheon BBN will create technologies to enhance situational awareness by providing early warning of an impending attack and detecting adversary spoofing of power grid data collection and communication. These technologies will also maintain situational awareness in the immediate aftermath of an attack.
The company will also examine methods to maintain secure emergency communication networks in the aftermath of an attack. Raytheon BBN’s approach seeks to isolate affected organizations from the Internet and establish a secure emergency network to coordinate power restoration without depending on external networks.
Exploring Ways to Protect Nation’s Electrical Grid from Cyber Attack
Across the United States, 3200 separate organizations own and operate electrical infrastructure. The widely dispersed nature of the nation’s electrical grid and associated control systems has a number of advantages, including a reduced risk that any single accident or attack could create a widespread failure from which it might take weeks to recover. Since the late 1990’s, however, cost pressures have driven the integration of conventional information technologies into these independent industrial control systems, resulting in a grid that is increasingly vulnerable to cyber-attack, either through direct connection to the Internet or via direct interfaces to utility IT systems.
Although utilities are increasingly focused on their cyber-defense needs, the process of identifying, purchasing and installing commercial host-defensive technologies across the industry may take many years. In an effort to address the cyber threat to the country’s electrical grid within a shorter time frame, DARPA released today a Broad Agency Announcement (BAA) detailing research aims for the early detection of cyber-attacks to power-grid infrastructure and seeking ways to reduce the time required to restore power. The ultimate goal of the program, known as Rapid Attack Detection, Isolation and Characterization Systems (RADICS), is to develop automated systems that would help cyber and utilities engineers restore power within seven days of an attack that overwhelms the recovery capabilities of power providers.
“If a well-coordinated cyberattack on the nation’s power grid were to occur today, the time it would take to restore power would pose daunting national security challenges,” said John Everett, DARPA program manager. “Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”
An early warning capability for power suppliers could prevent an attack entirely or blunt its effects, such as damage to equipment. But the vast scale of the nation’s electrical infrastructure means that some number of systems are likely to be in an abnormal state at any given time, and it can be difficult to distinguish between routine outages and actual attacks. RADICS looks to develop advanced anomaly-detection systems with high sensitivity and low false positive rates, based on analyses of the power grid’s dynamics.
Recognizing that in some locations Internet infrastructure may not be operational after an attack, or that hackers may have embedded malicious code in utilities’ IT systems during an attack, RADICS also calls for the design of a secure emergency network that could connect power suppliers in the critical period after an attack. The creation of such a network will require new research into advanced security measures, as well as innovative technologies to facilitate the rapid connection of key organizations, without relying on advance coordination among them.
“Isolating affected utilities from the Internet would enable recovery efforts to proceed without adversary surveillance and interference,” Everett said, “and providing an alternative means for online coordination would enable a more orderly restoration of power among affected organizations.”
Finally, the RADICS BAA calls for the research and development of systems that can localize and characterize malicious software that has gained access to critical utility systems. These systems will augment the abilities of skilled cyber first responders to triage impacted systems and assist utility engineers with the rapid and safe recovery of power.
Image Caption: Composite image of the United States’ city lights assembled from data acquired by the Suomi National Polar-orbiting Partnership (NPP) satellite: Click on image below for high-resolution.
Source: Raytheon and DARPA