Sandia delivers grid security and grid modernization through research, development, and evaluation of solutions to maintain operations in an adversarial, compromised environment.

A Growing Threat

Electric power systems and power-system operators are more reliant on telemetry, automated controls, and communications than ever before in an effort to improve energy reliability, safety, and cost effectiveness. More specifically, emerging advancements in phasor measurement units (PMUs), smart-grid technologies, cloud computing services, grid cyber vulnerability & assessments, and distributed energy resources (DER) represent significant cybersecurity threats to the continuity of delivered power. To mitigate the additional risk, the deployment of cybersecurity controls must be commensurate with the deployment of these enabling technologies.

Cybersecurity across the national electric grid is made difficult by a highly constrained solution space. Constraints on addressing grid cybersecurity include:

  • strong and growing levels of technical ability in the nation’s adversaries
  • 20-year technology refresh cycle
  • limited avenues for utilities to fund security
  • system owner reluctance to add hardware or software that could potentially impact warranties
  • a focus on availability over integrity or confidentiality of data

Control system cybersecurity, including grid control, has operated as a niche for some time. That status is ending, however, as the nation’s grid now operates in a world where grid vulnerabilities can be easily discovered through open Internet research.

Research Areas

Cybersecurity work at Sandia leverages extensive federal investment over many decades and the laboratory’s 60-year history of ensuring a safe, reliable nuclear stockpile. Since the dawn of electronic information processing, Sandia has been required to ensure secure operations from the level of individual computing devices to national-scale networks. This mission has evolved into several unique capability areas that now range far beyond weapon assets.

The laboratory’s grid modernization cybersecurity work includes:

  • grid control monitoring using advanced analytics for asymmetric cyber defense
  • risk management and consequence analysis focused on interdependencies between multiple critical infrastructures
  • situational awareness across multiple domains simultaneously
  • cyber agility through Emulytics™
  • supply chain integrity
  • protocol and firmware reverse engineering
  • vulnerability assessment and red teaming

Weaselboard is an analytics capability fielded on a federal sponsor’s operational systems. Weaselboard provides independent introspection into control system backplane signals such that system compromise is detectable even if the system’s computing resources are being deceptive.

More than 300 Information Design Assurance Red Team projects have been and are being executed across a wide range of targets, from individual embedded systems to global enterprise systems. Sandia has conducted initial assessments of Advanced Concept Technology Demonstrations for military prototypes and assessments for the Defense Advanced Research Projects Agency. This work has been conducted over many years and across diverse sponsors including the energy, finance, manufacturing, and information technology sectors. Federal sponsors have included the Departments of Energy, Defense, Interior, Homeland Security, and State.

For more than a decade, Sandia’s Emulytics™ program has continued to develop a suite of emulation, modeling, and analysis tools for exercises and training that include forensics, predictive simulation, and real-time dynamic defense. Emulytics provides a safe environment in which a broad array of parameters and technologies can be evaluated with an appropriate level of fidelity, without impacts to critical operations. Sandia researchers combine emulated, simulated, and physical test bed environments as appropriate to achieve the required level of fidelity.

Sandia’s Supervisory Control and Data Acquisition (SCADA) Controls Lab allows for simulating and monitoring virtual cyber attacks on the grid.