Sandia delivers grid security and grid modernization through research, development, and evaluation of solutions to maintain operations in an adversarial, compromised environment.

A Growing Threat

Electric power systems and power-system operators rely on telemetry, automated controls, and communications more than ever before in an effort to improve energy reliability, safety, and cost effectiveness. More specifically, emerging advancements in phasor measurement units (PMUs), smart-grid technologies, cloud computing services, grid cyber vulnerability assessments, and distributed energy resources (DER) introduce significant cybersecurity threats to the continuity of delivered power. To mitigate the added risk, cybersecurity controls must be deployed commensurately with these enabling technologies.

Cybersecurity across the national electric grid is made difficult by a highly constrained solution space. Constraints on addressing grid cybersecurity include:

  • strong and growing levels of technical ability in the nation’s adversaries
  • a 20-year technology refresh cycle
  • limited avenues for utilities to fund security
  • system owner reluctance to add hardware or software that could potentially affect warranties
  • a focus on availability over integrity or confidentiality of data

Control system cybersecurity, including grid control, has operated as a niche for some time. That status is ending, however, as the nation’s grid now operates in a world where grid vulnerabilities can be easily discovered through open Internet research.

Leveraging Decades of Research in Cybersecurity

Cybersecurity work at Sandia leverages extensive federal investment over many decades and the laboratory’s 60-year history of ensuring a safe, reliable nuclear stockpile. Since the dawn of electronic information processing, Sandia has been required to ensure secure operations from the level of individual computing devices to national-scale networks. This mission has evolved into several unique capability areas that now range far beyond weapon assets.

Sandia’s successful early focus on adversary-based vulnerability analysis has resulted in the laboratory serving federal sponsors through more than 300 technical system security assessments. Supply chain integrity has received dedicated analysis since the days when engineering and manufacturing were both large Sandia missions, continuing into the present, where engineering remains a Sandia-specific mission but manufacturing is nationally distributed. Sandia’s influential role in the national nuclear security enterprise has led to the development of rigorous risk management capability to help the national enterprise make risk mitigation investment decisions. For example, the laboratory launched a high performance computing (HPC) capability to evaluate engineering results after the Test Ban Treaty eliminated the option of physical nuclear explosion experiments. HPC has since evolved in numerous directions, including emulation, analytics, and interdependency-based consequence analysis.

In the context of grid security, emulation is vital because experiments at scale are prohibitively expensive to configure on test hardware and excessively risky to run on operational systems. Analytics are also important because cybersecurity needs cannot be met through manual methods; the number of skilled cybersecurity practitioners available is insufficient, and humans cannot react at machine speeds.

For as long as electromechanical systems have been used in nuclear assets, Sandia has been required to understand their fundamental operations and apply that understanding up to the level of system operation. Sandia’s deep technical understanding at all levels gives the lab unique capabilities in communication protocols and the reverse engineering and analysis of computing device firmware.

Weaselboard is an analytics capability fielded on a federal sponsor’s operational systems. Weaselboard provides independent introspection into control system backplane signals, so that system compromise is detectable even if the system’s own computing resources are reporting deceptively.

More than 300 Information Design Assurance Red Team projects have been and are being executed across a wide range of targets, from individual embedded systems to global enterprise systems. Sandia has conducted initial assessments of Advanced Concept Technology Demonstrations for military prototypes and assessments for the Defense Advanced Research Projects Agency. This work has been conducted through many years and across diverse sponsors including the energy, finance, manufacturing, and information technology sectors. Federal sponsors have included the Departments of Energy, Defense, Interior, Homeland Security, and State.

For more than a decade, Sandia’s Emulytics™ program has continued to develop a suite of emulation, modeling, and analysis tools for exercises and training that include forensics, predictive simulation, and real-time dynamic defense. Emulytics provides a safe environment in which a broad array of parameters and technologies can be evaluated with an appropriate level of fidelity, without impacts to critical operations. Sandia researchers combine emulated, simulated, and physical test bed environments as appropriate to achieve the required level of fidelity.

Sandia’s Supervisory Control and Data Acquisition (SCADA) Controls Lab allows for simulating and monitoring virtual cyber attacks on the grid.