PNNL researchers are tasked with protecting critical infrastructure to prevent and mitigate the damage that could be done from a cyber-attack on software, firmw...
At the Pacific Northwest National Laboratory, research into malware is the weapon of choice in cybersecurity. Zero trust is part of the laboratory’s mission to stay ahead of bad actors who seek to do digital harm to cause economic and national security damage.
PNNL researchers are tasked with protecting critical infrastructure to prevent and mitigate the damage that could be done from a cyber-attack on software, firmware and the networks that they operate on. The laboratory’s goal is to create the ability to detect potential threats and protect systems from attacks that sometimes originate in the firmware directly from manufacturers.
Elena Peterson, a senior cyber security researcher at PNNL said “our goal really is to help the government prepare for the needs, in the future, for cybersecurity and do some of the ground level research so they can put it into operation.”
Peterson works in the malware space in software and firmware, and in zero trust, and manages cyber security researchers who work in various fields using information technology and operational technology to create scenarios that mimic security challenges. Protecting the nation’s systems is a moving target.
“You have OT systems where firmware is going to naturally be updated, because they need the latest thing to work and we’re looking at ways to just confirm that those updates are valid updates. And that in that process, hasn’t introduced bad code, malicious code, or even code that’s going to cause other issues, even if it wasn’t maliciously done,” Peterson said on Federal Monthly Insights – Zero Trust. “We can still protect, especially industrial control system kind of things from bad code in general. So that’s kind of our focus, but yet, if they are of firmware, its hard to grab firmware and test it. It’s not like a binary. We can’t just get it and look at it. Getting it off the machine without hurting the machines sometimes is a hard process.”
Researchers at PNNL use zero trust principles when dealing with hardware and software that originates from multiple sources. Embedded in their efforts are the use of software bill of materials (SBOMs), but that is a challenge when dealing with legacy systems.
“We have some great capabilities in developing what are called SBOMs supply, software bill of materials and even hardware bill of materials. The idea of making sure you know what’s in a piece of software that you get and you understand what vulnerabilities might come along with that.” Peterson said. “That’s easy enough for newish software, harder for legacy software where you may not have source code . . . Most pieces of software that you get have other people’s software in it.”
One aspect of securing networks relies on authentication at numerous points between networks that can’t yet work together securely, known as network segmentation. Zero trust architecture allows for that increased security, and is the basis of 5G technology. The higher levels of security protect communications even when legacy systems can’t be trusted to do so.
“Never trust, always verify. So people may have heard that phrase, trust but verify. We say no, never trust, always verify. So that the idea is that there’s always continuous verification. There’s always strict access.” Peterson told the Federal Drive with Tom Temin. “Putting zero trust principles on legacy systems is a tough order and is an area that we’re doing some research in. Machine to machine communication is something that zero trust can really help with. . . something like a cell phone talking to a cell network that’s essentially machine to machine communication.”
PNNL works with different government agencies, training and advancing research while limiting redundancy in effort, and allowing for shared knowledge. But, even as they use modeling and newly developed training practices Peterson and her researchers must deal with the fact that bad actors are doing their research as well.
“There’s a wide range of issues in malware that still exist. It seems that the smarter we get in trying to defend, the folks looking to attack are equally smart and get a bit ahead of us at times.” Peterson said. “In cybersecurity, we will not run out of work. In general, for sure, as computers get better and faster, networks get better and faster, the need to secure them will always be there and will always be sort of new territory. So I don’t think I will run out of work.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Michele Sandiford is a digital editor at Federal News Network.