As the federal government works to strengthen its cybersecurity posture, the Department of Energy faces distinct challenges in securing an energy infrastructure that largely consists of equipment designed before the internet was a consideration, much less hacking and cybersecurity. But it also has some unique resources to draw on in accomplishing this mission.
“The Energy Department has a unique set of capabilities within the government because of the labs, but also because of the general mission of the Department of Energy,” said Max Everett, DoE’s chief information officer. “I think you’re going to see a lot of improvement over the next year or so in what we’re doing in protecting the infrastructure here.”
Those unique and diverse capabilities are driving the department to organize its cybersecurity efforts differently.
“Because we’ve got so many different internal partners who have capability, like the labs and other groups, we’re getting more collaborative in the environment,” Everett said. “The secretary has made that a priority, to ensure that everyone across the department is collaborating because they bring a unique set of skills and capabilities and personnel.”
One of the biggest challenges DoE faces is that the vast majority of that infrastructure is privately owned. That means the department has to work with the private sector to secure the energy grid.
That’s why its labs are performing research aimed at enhancing situational awareness and visibility. Some of it is pure scientific research, while more of it is meant to be commoditized and moved to the private sector.
Jennifer Silk, senior advisor for cybersecurity, detailed some of the projects the labs are working on.
For example, Berkeley National Laboratory developed an intrusion detection tool known as “Bro,” which enables analysts to automate actions based on very complex patterns of network behavior. Bro is now widely used in academia, government and industry, including major technology companies such as Amazon, Apple and Cisco.
At Savannah River National Laboratory, researchers have pioneered a cybersecurity solution that uses low-earth orbit satellites and random number streams to validate a user’s geographical location and limit access based on that information. This program could change the way cyberattacks are prevented, especially in remote locations.
At Sandia National Laboratory, researchers are working on a couple of different projects. One is a commercial solution that prevents physical tampering with boxes on utility poles, a vulnerable point for newer systems that hackers like to exploit.
Another is the ADDSec (Artificial Diversity and Defense Security) program, which applies moving target defense to energy infrastructure. It can be retrofitted into existing infrastructure to make the whole system more secure and resilient.
“It enables operators to randomize the network topology to help prevent reconnaissance on their system in the first place,” Silk said. “It’s also working to detect attacks using machine-learning algorithms while developing a variety of automated defense responses to be able to mitigate attacks. So it’s really using machine learning to detect attacks, isolate them and mitigate them before they even have to be identified by a human.”
She said ADDSec is already in real-world tests and providing results, and that it should be only a year or two from its release.