2008 ieRoadmap Workshop Presentations
Click on the links below to view a pdf of the presentations given at the 2008 ieRoadmap Workshop.
Download Adobe Acrobat Reader.
Institute for Information Infrastructure Protection
APT assesses whether firewall rules and host policy enforcement mechanisms correctly implement desired access constraints. APT can be used to verify correctness of existing policy implementations or to design new implementations that meet desired global policy constraints.
Wurldtech Security Technologies
The program will test a minimum of 40 currently deployed control system devices in the Achilles platform and catalog the type, likelihood, severity, and potential impacts of all identified vulnerabilities. Study data and mitigation strategies will be released by subscription to the Delphi 2.0 vulnerability database.
DOE National SCADA Test Bed Program
This project will examine for cyber vulnerabilities the topologies, technologies, frequencies, and coding schemes of emerging advanced metering infrastructure (AMI) architectures.
Digital Bond, Inc.
Digital Bond, asset owners, and vendors are working to identify the best possible security configurations for at least 20 vendor applications. The team will then create audit files for the Nessus vulnerability scanner that will identify variances between a deployed system and the best configuration.
SRI International
DATES will integrate intrusion detection capabilities into field device and control LANs, and incorporate security incident/event management into control centers. It will also create an anonymous, global threat database to encourage incident reporting and situational awareness.
Electric Power Research Institute (EPRI)
The DNP Secure Authentication specification will provide an open, standardized method for a master station, remote terminal unit, sensor, or intelligent electronic device to verify that any given message was transmitted by an authorized device and that the message was not modified in transit. It uses NIST-approved algorithms and security mechanisms, and is being developed in concert with a corresponding international standard, IEC 62351-5.
Schweitzer Engineering Laboratories, Inc. (SEL)
This project is commercializing the Secure SCADA Communications Protocol, which marks original SCADA messages with a unique identifier and authenticator that the receiving device must first validate before enacting the message. SEL will implement the technology in an FIPS 140-2-validated cryptographic card that can be used by SEL or other vendor products.
SRI International
LOGIIC is developing a comprehensive monitoring system to provide enterprise-level situational awareness over an operational facility's entire information infrastructure. This system monitors a PCS for abnormal activity and correlates the information to security event data from business networks.
EnerNex Corporation
The Lemnos team is independently building an open-source reference implementation and proprietary commercial design of a network security product using OPSAID-defined functional vocabulary and metrics. The project will demonstrate that the devices can interoperate if created using the same defined functional requirements. In the future, this will help utilities evaluate network security products for interoperability.
Critical Infrastructure Defense Group
This project has developed a model to help utilities navigate the wealth of cyber, physical, operational, management, and legal standards and determine which standards apply to them.
Digital Bond, Inc.
The Passive Security Log Generator gathers network traffic information to create security log events that should be recorded by a programmable logic controller (PLC) or other field device. A total of 50 security events will be standardized for 10 different field devices and used to give security logging capability to field devices without degrading performance.
Digital Bond, Inc.
Portaledge leverages the existing capabilities of OSIsoft's PI server to aggregate and correlate security events from all data sources across a network. The project then develops advanced computing engine (ACE) modules, which identify security events indicating an attack, and places those modules into the PI server. This gives the product security event management capabilities.
Siemens Corporate Research, Inc.
The project will develop a risk-based critical asset identification system using advanced simulation and machine learning. It will then develop an integrated and distributed hierarchical security layer including security agents, distributed security switches, and security managers. Researchers will build a network topology optimizer, a model that determines the best location for agents, switches, and security managers.
Multi-State Information Sharing & Analysis Center (MS-ISAC)
The Cyber Security Procurement Language for Control Systems is a document of methodologies for utilities to use during the procurement cycle that will identify high-value opportunities to reduce security risks. This will enable providers to apply sound design principles to their architectures and systems.
Homeland Security Advanced Research Projects Agency (HSARPA)
The toolkit implements the IEC-61850 standard and maps IEC-61850 to web services communications. It provides defense-in-depth by leveraging 61850 object naming, 61850's enabling use of conventional networking technology, and open source security tools.
Homeland Security Advanced Research Projects Agency (HSARPA) BAA
This project will develop enhancements to the wireless mesh network systems, including authentication and secure key exchange protocols between routing wireless nodes. It will also implement a unique non-overlapping redundant mesh-routing protocol.
Electric Power Research Institute (EPRI)
The project will develop a tool, built over Lumina Systems' Analytica product, to provide quantitative estimates of the value of security activities.
Institute for Information Infrastructure Protection (I3P)
This project umbrellas six security tools, including: RiskMAP, used to identify corporate risks; DEADBOLT, which ensures that vendor-supplied software has been rigorously tested for coding errors; SHARP, which provides an infrastructure-dependent, drop-in appliance that limits access to sensitive data; APT, which ensures that PCS security policy is specified and implemented correctly; SecSS, which provides situational awareness and prevents misuses of Modbus; and ROBUST, which plans for surviving and responding to cyber disruption.
TCIP Center
Formed in fall 2005, TCIP oversees numerous projects focused on securing control system devices, communications, and data systems.
This project is working to secure advanced metering infrastructure (AMI) communications by determining if networks include security protocols that AMI can leverage.
GridStat is developing a middleware framework, and the research prototype has demonstrated the feasibility of publish-subscribe middleware for power grid monitoring and control communication. GridStat will provide flexible, robust, timely, and secure delivery of operational status information.
This project technology aims to contain jamming attacks in the wireless networks within power substations by detecting compromised nodes, then using uncompromised nodes to isolate them by a secret re-keying technique.
This project will develop a comprehensive model and taxonomy of attacks, vulnerabilities, and damages in control systems.
|