Idaho National Laboratory has completed a Technical Assistance Agreement with a company seeking independent evaluation of its test plans for improving a cybersecurity product designed to safeguard industrial controls and critical infrastructure.
Ampex Data Systems Corp. has developed a hardware/software architecture called BLUE Lighting to provide endpoint cybersecurity for industrial controls and critical infrastructure (to include power plants, factories, utilities, military installations, etc.). It is designed to detect intrusions, malware and network abnormalities in real time. This means an operator may actively defend against attacks even if malware has successfully gained control of a programmable logic controller (PLC) or remote terminal unit (RTU).
Cybersecurity is not a field in which it pays to rest on one’s laurels. When Ampex started developing a test plan for improving BLUE Lightning, it began asking people in the industry who to turn to for advice and third-party validation. “INL came very highly recommended to us, from more than one person,” said Jim Orahood, Ampex Data Systems’ vice president and general manager.
“There are roughly half-a-dozen companies providing cybersecurity products for utilities and institutions, but BLUE Lighting stands apart because it is ‘low in the stack,’” said Orahood, referencing the fact that BLUE lighting is closer to actual sensors and protective relays. “This provides information about malicious activity at the ingest point and not after the fact.”
“BLUE Lightning is scalable, allowing different customers to use it in diverse ways,” he said. “A military installation is likely to want complete control over all the hardware and software, while a utility installation might want software only. The BLUE Lightning software is ‘hardware agnostic,’” he said, meaning it can be adapted to systems with analog or digital control systems, or with hybridized systems.
Under its Technical Assistance Program (TAP), INL offers expertise to small businesses that intersect and support the laboratory’s mission areas. Several criteria apply:
- Requested services cannot substantially compete with services available from the private sector.
- The requested assistance must fall within INL areas of expertise.
- The requested assistance must not interfere with ongoing INL programs.
- No more than 40 hours of assistance are allowed per request.
“INL enters into roughly six to 12 TAP agreements each year. The agreement with Ampex represents the first involving the lab’s Cybercore Integration Center,” said Stephanie Cook, INL program manager for Technology Based Economic Development. “INL’s expertise in protecting the nation’s critical infrastructure fits well with Ampex’s goal of testing and maturing its technology.”
Orahood added, “The system can be deployed either in-line with a customer’s network or in an out-of-band configuration.” In both cases, the information from local devices can be continually monitored. The sensor scans the protocol with various algorithms to correlate the information, and then forwards alerts using a secure communications channel to its controller, which streams the information to any Security Information and Event Management (SIEM) system. That allows for decisive operator action any time vulnerabilities and threats are identified.
The BLUE Lightning algorithms date back to around 2012. Ampex has also been involved with aircraft and avionics companies, seeking to provide security solutions to “fly-by-wire” systems.
DID YOU KNOW?
If the name Ampex sounds familiar, it is because it was a major pioneer in recording and videotape equipment in the mid-20th century. The company can be traced back to the end of World War II, when it supplied radar motors and generators to the Dalmo Victor Co., a vendor to the U.S. Navy. With the war ending, company founder Alexander Poniatoff turned his attention to magnetic recording tape and tape recorders. The company received its first major financial support from Bing Crosby, who was seeking better sound reproduction.
Ampex’s tape business was rendered obsolete during the 1990s, and the company repositioned itself to focus on digital storage products, developing the first true all-digital Flight Test Instrumentation (FTI) for the Department of Defense.