Department of Energy Beefing Up Electric Grid Cybersecurity
The Department of Energy is integrating machine learning with a threat information-sharing tool the agency developed to find cybersecurity adversaries embedded in electric grid control systems, an official close to the project revealed. Rita Foster, infrastructure adviser at the Idaho National Laboratory (INL), said embedded systems are “black boxes with little insight on what subcomponents make up the code underneath.”
Foster said such systems stand in the way of protecting the grid and potentially render it vulnerable. However, she noted that emerging machine-learning techniques enable the identification of ubiquitous libraries, which may contain known potential vulnerabilities, FedScoop reported.
The department’s Grid Modernization Laboratory Consortium consists of the Idaho, Argonne and Sandia national labs and the National Renewable Energy Laboratory, all of which are currently collaborating on the Firmware Command and Control (FC2) project.
Firmware was described as permanent, and often vulnerable, software present in industrial control systems and operational technology. To mitigate risks, INL partnered with software company Forescout Technologies to ensure FC2’s cyber data analytics could detect firmware-centric vulnerabilities with machine learning.
INL further developed the Structured Threat Intelligence Graph (STIG) for sharing actionable threat information among grid utilities and OT vendors. Rather than having threat analysts read thousands of lines of code, STIG visualizes relationships between attack patterns, compromise indicators and exploits, and presents mitigations.
Foster stressed the need for analysis tools to share security threat information and intelligence in view of the inadequacy of existing tools.
Fourteen vulnerabilities were recently discovered in the stacks of some big-name operational manufacturers employed by the government. The 14 system weaknesses were revealed using cutting-edge automated binary analysis for large-scale vulnerability finding, it was reported.
Meanwhile, Forescout recommends that utilities limit the network exposure of critical vulnerable devices through network segmentation, apply patches once vendors release them, and block or disable support for unused protocols like HTTP.