Safer and Optimised Vulnerability Scanning for Operational Technology through Integrated and Automated Passive Monitoring and Active Scanning

Abstract:

Vulnerability scanning of embedded sensors and controllers have a history of causing disruption and malfunction within operational technology environments. Traditional information technology vulnerability scanning generally consists of blunt exercising all or a large population of test conditions to understand how equipment responds. Often the large number and varied conditions of the tests are too much for embedded systems to handle. This paper presents a methodol-ogy and framework for integrating passive monitoring and active scanning techniques to optimise the type and amount of necessary active communication tests while achieving acceptable levels of device and vulnerability discovery. Bayesian probability and networks are leveraged for infer-ence to drive the automation of the scanning actions to achieve confidencein discovery. Through inference, selecting the optimal active scans with the least risk and highest confidenceimpact is possible, thereby eliminating unnecessary scans with uncertain effects.Results of experimenting with real power systems and useful evidence are provided.


AUTHORS

Photo of Thomas Edgar

Pacific Northwest National Laboratory
Richland, Washington, United States

Thomas Edgar  is a Senior Cyber Security Research Scientist at the Pacific Northwest National Laboratory. Throughout his career, Edgar has worked in the fields of secure communications protocols, cryptographic trust management, insider threat, security standards, and scientific approach to security and is the Co-PI for the powerNET and cyberNET testbeds.  Thomas' research interests include the scientific underpinnings of cyber security and applying scientific based cyber security solutions to enterprise and critical infrastructure environments. His expertise lies in scientific process, critical infrastructure security, cyber forensics, network security, and testbed and experiment construction. Thomas' educational background consists of a B.S. and M.S. in Computer Science from the University of Tulsa with a specialization in Information Assurance.

 

Photo of Shwetha Niddodi

Pacific Northwest National Laboratory Richland, Washington,
United States

Shwetha Niddodi has been a Senior Software Engineer at PNNL since May 2016. Before joining PNNL, she worked as a software engineer in a private company in India. At PNNL, she works on building and grid related software infrastructure and cyber-security related projects. Her research interests include distributed software platforms that can support existing and future buildings and power grid applications with focus on distributed hierarchical agent-based control, group/cluster management, group discovery and fault tolerance, and cyber security in smart buildings and power grids. Shwetha has a B.E. in Electronics and Communication from the Visvesvaraya Technological University in India and an M.S. in Computer Engineering, Washington State University.

Photo of Theora R. Rice

Pacific Northwest National Laboratory Richland, Washington,
United States

Theora R Rice is a Cyber Security Researcher in PNNL's National Security Directorate. She holds both B.S. and M.S. degrees in Computer Science from the University of Idaho and studied as a recipient of the National Science Foundation Scholarship for Service. Her interest and passion for industrial control systems and critical infrastructure cyber security formed in her academic years and were the focus of her master’s thesis. Throughout her career Ms. Rice has worked with academic, industry, and government agencies to further expand her knowledge and contribute research in the critical infrastructure security field. Her current research foci include building cyber-physical testbeds for industrial control system security research, energy delivery system forensics, and developing scientific methodology for cyber security experimentation.

Photo of William (Bill) J. Hofer

Pacific Northwest National Laboratory
Richland, Washington, United States

William (Bill) J. Hofer, a Cyber Security Engineer, has been at PNNL since July 2016. During his time at the lab, he has worked on engineering tasks related to deception for Cyber-Physical Systems, automated deployment of cluster-based enterprise environments, and has been an administrator of the CyberNET testbed. Bill’s research interests include cloud engineering, scientific experimentation on cyber-related issues, testbed experimental design, cyber-physical system security, and computer and network security. Bill studied at Dakota State University in South Dakota and received a B.S. in Computer and Network Security with a specialization in cyber operations and an M.S. in Information Assurance.

Photo of Garret Seppala

Pacific Northwest National Laboratory Richland, Washington,
United States

Garret Seppala, a Cyber Security Engineer, has been at PNNL since July 2016. He received a B.S. in Software Engineering from Oregon Institute of Technology. M. Seppala's expertise lies in software development, but he has been branching out to new cyber security related fields through multiple projects where his roles have included manipulating authentication protocols, tinkering with embedded devices, preparing experimental environments for a “red team” attempt to infiltrate, and programming automated human behaviors across a virtual network of terminals.

Photo of Kristine Arthur-Durett

Pacific Northwest National Laboratory Richland, WA,
United States

Kristine Arthur-Durett has been a Cyber Security Researcher at Pacific Northwest National Laboratory (PNNL) since February of 2015. Her research experience includes situational awareness, metrics and analysis of cyber data, risk and loss analysis, and experimental design. Her interests include using a variety of mathematical and statistical techniques to describe and understand cyberspace and its interactions with the physical world. Kristine’s education includes a B.S. in Mathematics and an M.S. in Information Assurance and Security from Purdue University.

Photo of Matt Engels

Pacific Northwest National Laboratory Richland, Washington,
United States

Matt Engels is a Power Engineer in PNNL's Environment and Energy Directorate. He holds a B.S. and M.S. in Electrical Engineering from Washington State University and is currently pursuing his Ph.D. in Electrophysics/HPC. Mr. Engels' work at PNNL includes network security of SCADA energy delivery systems, secure control system communication, Hardware-in-the-Loop simulations, and microgrid analysis and control, including applied fieldwork. Prior to his work at PNNL, Mr. Engels worked as instrumentation and simulation engineer at the Hanford Waste Vitrification Plant, developed energy metering products at Schweitzer Engineering Laboratories, and served as a field engineer in the nuclear waste industry. He has also taught undergraduate electrical engineering courses as an adjunct faculty at Washington State University. Mr. Engels has co-authored numerous papers, reports, and presentations on various aspects of cyber security and microgrids.

Photo of Dr. David O Manz

Pacific Northwest National Laboratory Richland, Washington,
United States

Dr. David O Manz is a Senior Cyber Security Scientist in PNNL's National Security Directorate. He holds a B.S. in Computer and Information Science from the Robert D. Clark Honors College at the University of Oregon and a Ph.D. in Computer Science from the University of Idaho. Dr. Manz's work at PNNL includes enterprise resilience and cyber security, secure control system communication, and critical infrastructure security. Underlying his research is an application of relevant research methods for cyber security (Cyber Security Science). Prior to his work at PNNL, Dr. Manz spent five years as a researcher on Group Key Management Protocols for the Center for Secure and Dependable Systems at the University of Idaho (U of I). Dr. Manz also has experience teaching undergraduate and graduate computer science courses at U of I, and as an adjunct faculty member at Washington State University. He has co-authored numerous papers and presentations on cyber security, control system security, and cryptographic key management.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com