American Public Power Association (APPA) Cybersecurity Summit November 2018

Wayne Austad,

Technical Director

Cybercore Integration Center

Wayne.Austad@inl.gov

Securing Critical

Infrastructure through

Resiliency R&D and

Workforce Education

The Idaho National Laboratory – 70 Years of Groundbreaking Nuclear Energy R&D

Energy and Environment

National Reactor Testing Station

1949 1997

Environmental Management Mission

2005

INEEL & ANL-W combined to create the new Idaho

National Laboratory

Nuclear Energy

2019

Advancing Nuclear Energy

Securing & Modernizing Critical

Infrastructure

Enabling CleanEnergy Systems

1974

Energy Mission – Reactor Science, Safety and

Sustainability Solutions

Building a New Laboratory

National and Homeland Security

2

INL’s Strategic Science & Technology Initiativesto Achieve Our Energy Security Mission

Cyber-informed science and engineering

Nuclear energy competitiveness and

leadership

Integrated nuclear fuel cycle

solutions

Integrated energy

systems

Advanced design and

manufacturing

Strategic Science & Technology Initiatives

Strategic S&T initiatives are built on solid foundations to address grand challenges and advance energy and security goals for the nation

3

Control Systems Cybersecurity

Electric Grid Resilience

Nonproliferation/Safeguards

Nuclear Forensics/Ultratrace Detection

Armor Development

Emergency Training & Response

Wireless Communications & RF Modeling Materials & Energetics

National & Homeland Security Directorate –R&D, Demonstration & Deployment (RDD&D) Capabilities

Continual Focus on the Nation’s Global Security Challenges

4

Unique National Security Infrastructure and Capabilities

Innovation in nuclear, control systems, power grid, wireless and physical security

Research and Education Campus

Controls & Energy Security Labs

~20k TNT, VA Center

National Security Test Range

First Responder Training

Radiological Ranges

Electro-refining, SNM for Test/R&D

Nuclear Materials R&D

Commercial Feeds,

Test Loops/Spurs

Electric Grid Test Bed

Wireless Test Bed

Agile Spectrum

100% Quality Product

Specific ManufacturingWater Security Test Bed

Municipal Water System

Full-scale real-world testing and demonstrations for deployment(designed, built and operated by INL)

Integrated testing across multidisciplinary areas (radiological, physical security, explosive, power, controls, cyber)

Rapid development through model, test, validate, and refine(high fidelity, effects-based modeling, rapid testing and measurement)

Access to the full range of support services (lineman, engineers, rad techs, fire fighters and security forces)

Ability to develop prototypes, manufacturing process and resolve uncertainty

5

Integrating diverse capabilities to protect and mitigate current and emerging natural and man-made threats to the nation’s critical infrastructure.

Energy Power Grid Research & Development

CITRC

Wireless

Test Bed

REC

Full-Scale

Power &

Wireless

RDD&D

Utility Substation

Equipment &

Configuration

Power Grid

Distribution

Reliability

Cybersecurity R&D Labs

Data Visualization &

Advanced Modeling

& Simulation

890 sq. mile

test range

6

Critical National Challenges in Control Systems CyberA More Holistic Approach to People, Partnerships, and Technology is Needed

National measure/countermeasure approach is not

sustainable, scalable, or anticipatory

Fundamental science &

engineering of cyber challenges are inadequately advanced

R&D and complex solutions require

expensive systems and large-scale proving grounds

Technical expertise is

in limited supply and mostly consumed

in operations

7

Cybercore Integration Center Build an Enduring Control Systems Cybersecurity Innovation Capability

Virtual Research Park Interdisciplinary

Talent Pipeline

8

• Cyber-informed Engineering

• Situational Awareness

• Automated Response

• Embedded Security

• Secure Communications

Research & Development

9

Spectrum of RDD&D for integration and focus

Mitigate exploits before there is an

impact, particularly on legacy devices.

Automated Threat Responses and Resilient, Self-

Healing Systems

Engineering-based risk analysis,

hardening, detection, & threat disruption

devices.

Consequence-driven

Cyber-informed Engineering

Identify innovative mitigations and secure future

technologies within engineered designs

Security of Embedded

Technologies & Systems

Secure & Robust Wireless

Communications

Integrate security based on “physics”

of the channel communication

Analysis of key monitoring points, sensors, forensics, and R&D to address

gaps

Situational Awareness in Operational Technology

Risk and Impact Analysis Informs R&D

Fundamentals of the Engineered Process

10

Component and System Security

Long-Term vision requires both Engineered Approaches and Composable Security

Step 1 Step 2 Step 3 Step 4

Consequence Prioritization

System of Systems

Breakdown

Consequence-based Targeting (mapping the ICS Cyber Kill Chain)

Mitigations and Protections

(including tripwire development)

Kill Chain MitigationsKill Chain Analysis

Consequence-driven Cyber-informed Engineering (CCE)CCE for existing processes and critical functions …

Determine critical

functions; identify

processes that

cannot fail

Identify key attack

points to interrupt

critical system

functions;

information, access,

actions

Attack path

illumination; identify

options available to

adversary, and map

the steps they will

take

Design-out the

cyber-risk; interrupt

attacker options with

engineering controls

and threat tripwires

11

Changing the way engineers, operations personnel, and senior leaders understand

and mitigate cyber risk to their most critical subsystems and processes

Cyber-Informed

Engineering Lifecycle

CIE Framework: • Consequence/Impact Analysis

• Systems Architecture

• Engineered Controls

• Design Simplification

• Resilience Planning

• Engineering Information Control

• Procurement and Contracting

• Interdependencies

• Cyber Security Culture

• Digital Asset Inventory

• Active Process Defense

Think like a Hacker,

Act like an Engineer

System Design and

Development/

Implementation

Concept

Development

Requirements

Engineering

System

Architecture

Systems

Integration

Test and

Evaluation

Transition,

Operations and

Maintenance

Traditional OT

Cybersecurity

Risk Mitigation

Cyber-Informed Engineering (CIE) – New DesignsApply to the full Systems Development Lifecycle, V-Model

Security as engineering & operational culture,

not just the application of market technology12

• Pilot of a two-way operational

technology data sharing and

analysis capability to

determine what to monitor,

how to process data, and

how to share sensitive data

while protecting privacy.

– 4 utilities in diverse

environments:

transmission,

distribution, and

generation

– National laboratories

– DOE

– Cybersecurity experts

• Collaboration “with energy

sector partners to facilitate

the timely bi-directional

sharing of unclassified

and classified threat

information and develop

situational awareness tools

to enhance the sector's

ability to identify, prioritize,

and coordinate the

protection of their critical

infrastructure and key

resources.”

– E-ISAC

– National laboratories

– DOE

Cybersecurity for the Operational Technology Environment (CYOTE)

Cybersecurity Risk Information Sharing

Program (CRISP)

13

Focused on developing automated

response capabilities to protect critical

California infrastructure against cyber-

attacks … through [increasingly]

automated, machine-to-machine

communications to assess key indicators

and develop appropriate responses.

California Energy Systems for the 21st Century (CES-21)

14

Next Generation Control Systems: From Reliable to Resilient to Self-Healing

15

Resilient Design provides an

adaptive capacity and agility for

response to threats, including those

that are not well characterized by

traditional means

State Awareness provides essential

knowledge of operating parameters to

fully characterize the decision space

Threats are those elements that counter

normalcy and destabilize control system

networks – human error and malicious

attacks, complex latencies and

interdependencies

A resilient control system is one that maintains state awareness and an

accepted level of operational normalcy in response to disturbances,

including threats of an unexpected and malicious nature.

INL WSComm: Underlay Control Channel: Least burden on spectrum

Incumbent (Primary) Wideband OFDM and other signals / interference

WSComm Underlay contribution to average of sumWSComm Underlay elimination from average of sum

WSComm robustly integrates an “underlay control or communications

channel” with a dynamic high bandwidth “overlay channel” to create a new

foundation for adaptive spectrum use and cognitive radio technology

INL WSComm: High-data-rate Overlay Secondary-user Channels: White-spaces are identified and synchronized by underlay control channel sensing algorithm

… Foundational platform for series of innovations in agile and secure communications

Incumbent (Primary) Narrowband FH signal / interference

f

Signal

Power

Density

Noise

level

WSComm: Wireless Spectrum Communications

16

• Industry Training

• Educational Programs

Workforce Education

17

The National Workforce Capability Gap

Actionable threat analysis and information sharing

High quality and immediate incident response

Innovative R&D, deployable of long-term solutions

Advanced technology education

Relevant training and performance-based competency

Available specialized

expertise to address control

systems cybersecurity

threats is less than 10%* of

what the nation needs.

A multidimensional, long-term

workforce development

approach is needed:

• Hands-on training

• Initial competency

• Professional teaming

*INL’s insight gained from the many requests for

expertise from U.S. Government and private

sector leads to this estimation.18

Segregated areas for Red Team/Blue Team

Classroom supports up to 42 students Integrated substation with chemical plant

Visit: https://ics-cert.us-cert.gov/Training-AvailableThrough-ICS-CERT

DHS ICS Cybersecurity (301) – Red/Blue Training

19

CyberStrike Workshop

Training that provides self-contained

substation and generation environments for

hands-on, relevant participant experiences.

Hands-on Labs

• Open Source Intelligence

• Denial of Service

• Controlling the HMI

• Bypassing the HMI

• Firmware Analysis

• Passive Man in the Middle

• Active Man in the Middle

• Preventing Attack via Network

Segmentation

• 8-hour hands-on workshop

• Two workshop variations:

Electricity, Oil and Natural Gas

• Training platforms:

PLC, HMI, network switch

20

INL Contract RegionalStrategic University

Partnerships for Education & Research

Joint Appointments Researchers Students

Strategically align interdisciplinary programs, with hands-on collaboration on hard national challenges,

to enable the innovation and excitement that accelerate talent pipelines.

Institutional Approach to Academic Partnerships

21

22