Essence) Software Defined Network to Assist Small Electric Cooperatives with Limited Resources for Securing Utility Operational Networks

Energy Sector Security Appliances in a System for Intelligent Learning Network Configuration Management and Monitoring (Essence) Software defined network to assist small electric cooperatives with limited resources for securing utility operational networks

Background Project Description Benefits Utilities of all sizes are faced with the The Essence project is developing • Provides electric cooperatives with challenge of configuring, managing, tools that facilitate more secure cybersecurity tools that emphasize the monitoring, and securing their information operational network management. “human factor”: technology that helps technology and operational technology SDN will provide a solution to smaller utilities and electric (IT and OT) networks; but the challenge assist cooperatives with mapping cooperatives, with limited resources, to more easily design and manage more is more acute for small utilities and their networks, analyzing traffic, secure operational networks electric cooperatives with limited resources and learning expected traffic flow • and personnel. As the electric industry to better inform human operators. Detects zero-day exploits increasingly migrates utility IT and OT • Integrates detection with methods and Traditional approaches to cybersecurity systems to virtualization and cloud- tools for remediation have been largely prescriptive in the • Provides real-time cybersecurity that is managed services, these small electric sense that a series of experts defines tests cooperatives could benefit from shared aware of power grid operations to detect malware and suspicious solutions that keep up with these trends. • communications. The effectiveness of Provides flexible and reliable development and enforcement of utility New solutions can further take such systems depends on a long security policies advantage of emerging software defined sequence of individuals all doing their • Uses dynamic, role-based access networking (SDN) capabilities to jobs perfectly, ranging from experts in control automate the network response to a cybersecurity forensics to utility staff • Prevents malicious network traffic cyber compromise. SDN automates who maintain firewalls. The Essence secure operational network management project is focusing on systems that are • Simplifies security reporting and while reducing the effort and risk reactive, detecting potential threats by compliance tasks for utility operational networks associated with manual processes. Small learning normal operational patterns electric cooperatives could leverage this (using machine intelligence) and Partners technology to provide stronger network monitoring for anomalies. security and to manage operational and • National Rural Electric Cooperative Essence is providing the ability to Association back office networks. update a utility’s security policy as • Honeywell Barriers business needs and cyber threats • Carnegie Mellon University • Small utilities and electric evolve, while ensuring that changes • Pacific Northwest National Laboratory cooperatives have limited resources conform to a utility’s security for managing/securing networks. policy. By using utility protocols • Cigital, Inc. (e.g., MultiSpeak, DNP3), filtering • A “reactive” approach to detecting threats is new and unfamiliar. rules are applied to detect and • Quantifying return on cybersecurity prevent malicious operational investments is challenging. network traffic.

Abstraction model of the Essence system

Technical Objectives Phase 2: Refine System Performance End Results The project is developing tools that • Test the improved version of the Project results will include the following: facilitate more secure operational Essence system, based on the Phase 1 • network management in two phases. results from several utilities with Automated tools for learning what normal utility operations look like Phase 1: Develop and Test System different technologies and modus operandi • Automated tools for detecting potential • Develop a fully operational system • Refine system performance and breaches • Test the system’s ability to capture traffic-handling capabilities as • Automated software defined network data at realistic volumes, train a appropriate model of “normal” communications management tools to isolate and perform traffic, and detect anomalies with an graceful degradation of compromised communication channels acceptable level of false positive and false negative findings; conduct tests at a small number of utilities at lower traffic volumes

November 2014 Cybersecurity for Energy Delivery Systems (CEDS) Contact Information: For More Information:

CEDS projects are funded through the Department of Energy’s (DOE) Carol Hawk Craig Miller • http://energy.gov/oe/technology- Office of Electricity Delivery and Energy Reliability (OE) research and Program Manager Chief Scientist, National Rural development/energy-delivery- development (R&D) program, which aims to enhance the reliability and DOE OE R&D Electric Cooperative Association systems-cybersecurity resilience of the nation’s energy infrastructure by reducing the risk of 202-586-3247 703-626-9683 • www.controlsystemsroadmap.net energy disruptions due to cyber attacks. [email protected] [email protected]