New Cyber Technologies Protect Utility Energy Delivery Systems

Upon discovering cyber vulnerabilities, MEEDS provides security alerts on a dashboard. It also provides recommended risk mitigation actions, relative vulnerability risk grades, and relative risk scores. MEEDS incorporates detailed best practices about select common OT protocols and will generate recommendations based on the detected exposures.

PNNL developers worked closely with utilities during development and recently demonstrated a prototype to other utilities and the National Rural Electric Cooperative Association.

“Their initial response to the demonstration was positive, and we’ve implemented their feedback to assure the software design meets end-user needs,” said Bev Johnson, MEEDS project manager.

The MEEDS app is available for licensing for use in the utility sector. MEEDS offers both basic and advanced features, so both cyber novices and cyber-savvy users can use it to safely understand the cyber risks their electric delivery systems are exposed to and act on that information.

The development team is also expanding the tool for use in assessment and mitigation of cyber vulnerabilities in any critical infrastructure dependent on operational technologies, including in buildings where many functions are regulated by control systems.

Cybersecurity from the Inside Out
While MEEDS protects the outward edge of an energy delivery system, another new tool from PNNL protects the system inside the firewall and identifies the vulnerabilities inherent there. The Safe, Secure Autonomous Scanning Solutions for Energy Delivery Systems, or SSASS-E, helps utilities manage their cyber risk by tracking and reporting on devices on an internal network.

“Current approaches to vulnerability assessment don’t provide continuous scans, so a new approach is needed,” said Thomas Edgar, a PNNL cyber researcher who specializes in securing operational technologies.

An “IT-Like Approach” to OT Systems
Devices used in OT environments are very different from information technology systems. Traditional active scans search IT networks to find vulnerabilities. But in OT environments, active scans can cause faults in control devices. So, PNNL researchers developed an IT-like approach to safer, passive scanning using intelligent active and passive probes that won’t cause failures or downtime.

SSASS-E nearly eliminates the operational problems with active scans and provides improved vulnerability discovery compared to passive scans. The sensors and scanners distributed across the energy delivery system let utilities know exactly what devices are in their targeted operational technology systems.

The SSASS-E tool also helps utilities confirm what devices have been added or removed between scans and manage their vulnerabilities. PNNL researchers teamed with Tenable Inc. to transform their active vulnerability scanners for the OT environment. The prototype has been tested and is able to identify energy delivery-based devices and discover vulnerabilities without disrupting operation of those devices.

The monitoring tool helps validate that a system is configured according to operating policies or best practices and hasn’t been inadvertently exposed through reconfiguration. The active scans for device identification and vulnerability discovery are triggered based on the passive evidence being observed, policy settings, and an action-based decision tree algorithm. The policy settings give the utility user greater control over deciding which categories of scans are safe to apply to the devices. The devices identified and the vulnerabilities discovered in the device configurations, along with suggestions for mitigating those vulnerabilities, are reported via a web interface.
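The following is an added example, not SSASS-E's code or algorithm, which the article does not publish. It shows one way passive evidence, a policy setting and a decision tree could gate active scans, together with the added/removed device comparison between scans. The category names, port-to-class mapping, policy values and addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Scan categories, least to most intrusive (names are assumptions for this sketch).
CATEGORIES = ["passive_only", "identify", "vuln_discovery"]

# Constructed policy: the most intrusive category the utility permits per device class.
POLICY = {"plc": "identify", "rtu": "passive_only", "hmi": "vuln_discovery"}

# Passive evidence: well-known server ports hint at the device class (assumed mapping).
PORT_HINTS = {502: "plc", 20000: "rtu", 3389: "hmi"}  # Modbus/TCP, DNP3, RDP

@dataclass
class Device:
    ip: str
    ports: frozenset          # server ports seen passively
    identified: bool = False  # True once an identification scan has succeeded

def classify(dev):
    """Return the device class suggested by passive evidence, or 'unknown'."""
    classes = {PORT_HINTS[p] for p in dev.ports if p in PORT_HINTS}
    return classes.pop() if len(classes) == 1 else "unknown"

def next_action(dev, policy=POLICY):
    """Walk the decision tree: evidence -> policy ceiling -> next scan step."""
    ceiling = policy.get(classify(dev), "passive_only")  # unknown class: fail safe
    wanted = "vuln_discovery" if dev.identified else "identify"
    # An active step runs only if policy allows that category for this class.
    if CATEGORIES.index(wanted) <= CATEGORIES.index(ceiling):
        return wanted
    return "passive_only"

def inventory_diff(previous, current):
    """Addresses added and removed between two observation windows."""
    prev, cur = {d.ip for d in previous}, {d.ip for d in current}
    return sorted(cur - prev), sorted(prev - cur)

# Constructed observations (documentation address range).
WINDOW_1 = [Device("192.0.2.10", frozenset({502})),
            Device("192.0.2.20", frozenset({20000}))]
WINDOW_2 = [Device("192.0.2.10", frozenset({502}), identified=True),
            Device("192.0.2.30", frozenset({3389}), identified=True),
            Device("192.0.2.40", frozenset({502, 20000}))]

if __name__ == "__main__":
    print(inventory_diff(WINDOW_1, WINDOW_2))
    for d in WINDOW_2:
        print(d.ip, classify(d), next_action(d))
```

A device whose passive evidence is ambiguous or matches no class falls back to `passive_only`, so nothing is actively probed until the operator classifies it or extends the policy.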

In developing SSASS-E, PNNL teamed with utility and industry partners to gather requirements for a better approach to cyber scanning. PNNL researchers are now seeking more utility users to deploy the technology in additional pilot tests of the SSASS-E platform.