The nation’s electric power grid consists of thousands of miles of high-voltage power lines, substations and distribution transformers, and millions of miles of low-voltage power lines providing electricity to homes, businesses and communities. Industrial control systems are at the heart of this network, controlling the flow of power and regulating safety and reliability.

Utilities rely on these systems to gather and communicate data on grid processes and operations and send commands to field connected devices controlling the flow of electricity. But as the power grid has evolved and new technology has been introduced, cybersecurity vulnerabilities in operational technology like control systems are an increasing concern to national security.

Quick Facts:

• INL’s electric grid security capabilities include staff expertise, laboratory space and a full-scale test bed complete with modern commercial infrastructure.
• INL has extensive relationships throughout government, academia and private industry supporting collaborative approaches to power grid security and control systems cybersecurity.
• The electric grid test bed is located on the laboratory’s 890-square mile Site.
• The electric grid test bed is one of several testing environments capable of supporting government, military and industry customers with full-scale research, testing and training services.

The Department of Energy Office of Electricity (DOE-OE) partners with INL on the Protective Relay Permissive Communication (PRPC) program to develop emerging solutions to protect the modern power grid from cyber and physical threats. One of the most important components of the electric power grid is the protective relay. When equipment fails or dangerous actions are initiated, relays protect power systems from damage. Protective relays provide protection against conditions on the power grid which could negatively affect the grid, damage equipment, or cause loss of life.

The PRPC program studies ways to transition protective relay equipment to a limited state. In a limited state, only the most essential relay functions operate. This constrained state represents an additional depth of defense of cybersecurity, while maintaining important business functions.

The Idaho National Laboratory’s (INL) Resilient Controls and Instrumentation Systems (ReCIS) Distinctive Signature is recognized as a thought leader in “resilient” control systems. Resilient systems maintain state awareness and proactively maintain operational normalcy in response to anomalies, including malicious and unexpected threats. This ReCIS focus anticipates emerging national challenges associated with the efficiency, effectiveness, and security of the Nation’s defense and critical infrastructure systems, including its wired and wireless communications networks.

FACILITIES AND CAPABILITIES

ReCIS has a range of research facilities and test beds dedicated to sensors, control and intelligent systems research. The laboratory offers a variety of test beds for control system research, which can be utilized for complex evaluation of control system designs for cyber security, advanced control and operational verification and validation. >> READ MORE

RESILIENCE WEEK

Large disasters may ripple across cities, regions or even nationally through interconnected critical infrastructure systems. Right now, many of those connections are invisible, making it very difficult to put effective mitigation strategies in place. Critical links are often uncovered too late, causing greater impacts to infrastructure and challenging recovery efforts on the ground. Resilience Week is a symposia dedicated to the resilience of cognitive, cyber-physical systems. >> READ MORE

Large disasters may ripple across cities, regions or even nationally through interconnected critical infrastructure systems. Critical links are often uncovered too late, causing greater impacts to infrastructure and challenging recovery efforts on the ground.

INL develops new ways to enable decision-makers to understand the inter-connectivity and interdependencies of critical infrastructure systems. N&HS employs experts partnered with industry and government to provide response and recovery from natural and cybersecurity events for owners and operators of critical infrastructure. The lab’s expertise spans industrial control systems security, forensics and analysis.

The goal is to simplify and speed risk analysis by effectively and efficiently identifying hidden dependency risks, provide planners the ability to identify mission-critical processes and dependencies, and address contingency measures well before disaster strikes.

In collaboration with the Department of Defense, cyber and electric grid reliability researchers at INL have acquired and are using the physics-based Real Time Digital Simulator for enhancing the security of the nation’s electric power grid and related control systems including supervisory control and data acquisition systems. It allows engineers to visualize the effects of power grid failures. With 15 racks, INL has the largest installation of RTDS in the national lab system.

The ability to simulate real–time power grid information is a key factor in detecting previously unknown vulnerabilities and providing infrastructure owners and operators with a path forward for responding to grid failures. The simulator allows critical infrastructure protection specialists to predict, plan and prepare for catastrophic events.

To safeguard the public and support the Department of Energy’s (DOE) mission to ensure our energy delivery system is secure, resilient and reliable, Idaho National Laboratory operates a utility-scale electric grid test bed. The test bed is an operational, commercially fed system that provides power to INL’s key research facilities across its sprawling 890-square mile desert Site. The test bed includes: seven substations, a control center, 61 miles of 138kV transmission lines and multiple distribution circuits at 15kV, 25kV and 35kV.

Future Grid Enhancements

In 2019, INL expanded it power grid transmission and distribution network with the addition of a dedicated 16.5 mile, 138kV transmission line, equipment lay down areas, and new test pads for research and equipment testing. This additional line will be dedicated solely to conducting full-scale test experiments involving equipment such as diesel generators, transformers, gas-filled circuit breakers, switchgear, load banks, instrumentation and battery trailers. The expansion will also involve upgrades and modifications to one substation and control room additions.

Working with a broad range of private industries, government organizations, vendors and manufacturers to develop techniques and tools, INL researchers help reduce the cyber vulnerabilities found in many of the nation’s critical infrastructures.

• Reverse engineering
• Firmware extraction and analysis
• Vulnerability and device specific assessments
• Malware analysis and capability development
• Communication protocols (CANbus, etc.)
• Cyber hunt and incident response
• Cyber capability and tool development
• Domestic nuclear R&D
• Cybersecurity talent pipeline

To achieve mission success, the center combines seasoned control systems cybersecurity analysts, experienced power engineers, cyber researchers, and control systems experts to perform cutting edge analysis.

This supports national security initiatives that strengthen the security and resilience of critical infrastructure against cyberattacks.

• Analytic tradecraft for control systems cyber threats
• Tracking and reporting on adversary capabilities
• All source analysis and research
• Control systems cyber security situational awareness
• Key language skills and translation capabilities
• Methodology development for threat and consequence prioritization
• Analytic support to training development
• Quickturn/operational threat analysis
• Threat specific consultation services

INL cybersecurity is focused on different types of control systems and associated instrumentation, which include the devices, systems, networks, and controls used to operate and/or automate industrial processes.

• Senior control systems subject matter experts
• Sector specific control systems engineering experience (power, oil and natural gas, water, food and agriculture, etc.)
• Control systems specific training curriculum and tool development (domestic and international)
• Control systems design and integration
• Cyber-informed engineering design
• Control systems specific consultation services
• Real time digital simulation modeling expertise (high and low side)
• Technical policy/standards

INL’s nuclear security programs are fundamentally changing how the nation and world approach analysis of threats to the complex myriad cyber-physical systems.

Instrumentation and control within nuclear facilities and operations are continuously connected with information technology and wireless communications to address efficiencies, cost savings and convenience. In this digital command and control environment, the use of physical boundaries alone is inadequate to secure nuclear technology and facilities. An integrated cyber physical security approach is essential to address the resilience of the facility and continuity of operations.

INL’s nuclear and cybersecurity capabilities include:

• Internationally recognized nonproliferation experts with real-world experience and backgrounds in nuclear facility inspection, physical protection, modeling and simulation, materials science, physics, and engineering.
• Comprehensive instrumentation and control, cyber and nuclear nonproliferation capabilities with similar nuclear infrastructure, and examination equipment found worldwide.
• Replication of typical control system network for architecture reviews and system hygiene to support asset owners in securing their systems.
• Protocol analysis, reverse engineering and forensics to advance persistent threat mitigations for the nuclear industry.
• Cyber-informed risk methods and unique engineering designed tools and methodologies to anticipate cyber and physical security risk and investment strategies.
• Frameworks for prioritization of investments and threat indicators for high-consequence activities.

INL’s Cybercore Integration Center is housed in an 80,000 square foot state-of-the-art facility equipped with secure office space and laboratories and leverage relationships with leading industry cybersecurity companies, universities and thought leaders to create the nation’s preeminent resource for control system cybersecurity.

As organizations integrate new technology solutions into their operational processes, their risk exposure also increases.

Consequence-Driven Cyber-Informed Engineering moves beyond the traditional focus areas of security by looking at an organization’s entire operation, securing the most essential operations and processes while simultaneously securing the technology. These frameworks expand on traditional assessments so that vulnerabilities are assessed not only in the context of a specific technology, but also how an exploited vulnerability may impact the operations and processes of the entire organization.

Cyber Testing for Resilient Industrial Control Systems (CyTRICS) 
Identify high priority operational technology (OT) components, perform expert testing, share information about vulnerabilities in the digital supply chain, and inform improvements in component design and manufacturing.

Translating real-world cybersecurity events to protect U.S. utilities.

The Cyber Strike workshop is an example of Cybercore Integration Center actively enabling research and development of cybersecurity solutions to:

• Understand and manage the multifaceted interdependencies between the grid and other critical infrastructure
• Detect and respond within compressed timelines to prevent highly impactful consequences
• Develop top-tier defenders to mitigate sophisticated threat actors
• The U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability, in collaboration with the Electricity Information Sharing and Analysis Center and INL, continues to host Cyber Strike workshops for electricity sub-sector owners and operators in the U.S. to enhance their preparedness against a cyber incident impacting industrial control systems.

INL advances the cyber resilience of critical infrastructure for the U.S. through improving and supporting cyber-physical risk analysis and risk management based on Information Technology and Operational Technology  cyber defense and digital engineering practices.

AREAS OF EXPERTISE:

• Cyber defense operations and incident response
• Cyber architecture risk evaluation and mitigation
• Vulnerability management and coordination
• Digital engineering design and architecture
• Critical infrastructure cybersecurity methodologies and programs development

Given the increasing interconnections and interdependencies of systems — such as communications, power distribution and transportation infrastructure — it is essential that government agencies and industry recognize potential vulnerabilities and mitigations to protect critical infrastructure. Critical infrastructure analysis enables stakeholders to improve resilience and disaster preparation through resiliency assessment, dependency analysis and visualization, commodity and proportional flow mapping, modeling and geospatial analysis, as well as tabletop exercises and other risk management tools.

AREAS OF EXPERTISE:

• Infrastructure analysis
• Emergency management planning and response
• Geospatial science analysis and custom visualization
• Risk-informing infrastructure and intelligence analysis
• Modeling and simulation, artificial intelligence, and machine learning
• Infrastructure applications information technology architecture design and software development

The Subway System Interactive Infographic (SSII) is a visualization tool used to illustrate critical infrastructure system components, relationships, and cascading failures.

Infrastructure dependencies are visualized to help prepare for, respond to, and recover from all types of disruption.

National and Homeland Security develops and deploys training and exercises to enhance critical infrastructure security. The training and exercises are a result of an emphasis on multi-agency collaboration, partnering and sharing of experts and research facilities. This approach accelerates the maturation of technologies and methodologies from the conceptual to deployment stages; optimizes the benefits of leveraging investments in expertise, research programs and technical infrastructure; and creates effective environments for immediate information sharing of discoveries and emerging threats.

AREAS OF EXPERTISE:

• Cybersecurity training design and delivery
• Tailored cybersecurity training instructional design for formal, mobile, and e-learning
• ICS cybersecurity training aids development
• Cyber-security Competency Health and Maturity Progression (Cyber-CHAMP©) Model

AHA is a dynamic analytical framework that utilizes data about critical infrastructure to enable knowledge discovery and decision support. As the infrastructure changes, AHA is updated. The tool is used to simulate possible scenarios that might impact critical infrastructure, from natural disasters to addition of new equipment.

A virtual center to coordinate INL’s capabilities in assisting federal, state, local and private stakeholders with protecting operations from disruption.

INL’s Resilience Optimization Center tackles infrastructure resilience challenges through applying laboratory-wide capabilities and expertise. The center leverages 70 years of innovation; federal, state, local, private industry, and academia partnerships; unique research facilities; and 500+ multi-disciplinary experts from an unbiased federally funded research and development center. These offer a unique, shared perspective about inhibitors to future resilient infrastructure ecosystems, including the right balance of technology, economics and policy.