Protecting Our Nation's Critical Infrastructure
Control Systems are the 'brains' of the control and monitoring of the bulk electric system and other critical infrastructures, but they were designed for functionality and performance, not security. Most control systems assume an environment of complete and implicit trust.
--from the North American Electricity Reliability Corporation (NERC) Web site
Pacific Northwest National Laboratory's cyber security capability addresses protecting the cyber-based systems that monitor and control our nation's critical infrastructure. Through the application of state-of-the-art technologies, we support clients with both traditional development and operational issues related to cyber security.
Intrinsically Secure Computing (ISC). Click for a larger image.
Intrinsically Secure Computing (ISC) involves software and systems that will inherently respond to and defend themselves against internal and external threats. ISC contains trusted engineering so implicit trust is replaced with explicit trust. Once we can trust our communications, we can better defend against a security breach and respond to events. If we trust all communications as valid, it's more difficult to defend against security breaches and respond because we can't trust the communications that may have caused them.
While "designed in" security is our ultimate goal, the need to protect other systems remains important. Pacific Northwest National Laboratory's cyber security capability incorporates the corrective and forensic security measures needed to support and maintain legacy and modern systems such as SCADA systems.
Updating Control System Security
Control System Authentication. We are building authentication technology into the next generation of vendor technology as well as developing add-on solutions in the interim. Click for a larger image
Control systems were built with reliable operations in mind, not security. Couple that with the life cycle of control system equipment which may be 20 to 30 years old. These two characteristics help inform the work of Pacific Northwest National Laboratory's cyber security team, which is working to implement computer security in a way that will not harm the control system. Our goal is to develop or migrate technology from the information technology world to the control system world without adversely impacting reliable operations. We work collaboratively with national and international standards bodies, vendors and universities to arrive at better solutions.
Example of SCADA architecture. Click for a larger image.
We have the ability to use Pacific Northwest National Laboratory's Electricity Infrastructure Operations Center (EIOC) and Supervisory Control and Data Acquisition (SCADA) laboratory to measure the impact of vendor security products on control systems communication. The EIOC provides a test environment where we can examine the impacts of vendor projects using live data. One result of these impact assessments is suggestions for enhancing and improving vendor products. In addition, we may discover new features beneficial to industry.
We offer vulnerability assessments, design reviews and cyber security tracking for control systems. The EIOC may be used for training activities locally and remotely.
Publications and presentations
Hadley MD, and JB McBride. 2006. "Cyber Security Vulnerability Impact on I&C Reliability." In 5th International Topical Meeting on Nuclear Plant Instrumentation Control and Human Machine Interface Technology (NPIC&HMIT 2006). Pacific Northwest National Laboratory, Richland, WA.