Safer and Optimised Vulnerability Scanning for Operational Technology through Integrated and Automated Passive Monitoring and Active Scanning
Abstract:
Vulnerability scanning of embedded sensors and controllers has a history of causing disruption and malfunction within operational technology environments. Traditional information technology vulnerability scanning generally consists of bluntly exercising all or a large population of test conditions to understand how equipment responds. Often the large number and varied conditions of the tests are too much for embedded systems to handle. This paper presents a methodology and framework for integrating passive monitoring and active scanning techniques to optimise the type and amount of necessary active communication tests while achieving acceptable levels of device and vulnerability discovery. Bayesian probability and networks are leveraged for inference to drive the automation of the scanning actions to achieve confidence in discovery. Through inference, selecting the optimal active scans with the least risk and highest confidence impact is possible, thereby eliminating unnecessary scans with uncertain effects. Results of experimenting with real power systems and useful evidence are provided.
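The selection idea in the abstract can be sketched as follows. This is an added example, not the paper's framework or code: the device types, probe names, likelihoods, risk scores and the gain-per-risk rule are all constructed assumptions chosen to show passive evidence as a prior and a Bayesian update deciding which active probe, if any, is worth sending.

```python
import math

# Constructed, illustrative numbers; none of them come from the paper.
# Belief over device type after passive monitoring of network traffic.
PRIOR = {"relay": 0.5, "plc": 0.3, "rtu": 0.2}

# Hypothetical probes: P(positive response | device type) and a relative
# disruption-risk score for sending that probe to an embedded device.
PROBES = {
    "single_status_read": {"risk": 1.0, "p_yes": {"relay": 0.9, "plc": 0.1, "rtu": 0.8}},
    "device_id_query": {"risk": 2.0, "p_yes": {"relay": 0.1, "plc": 0.9, "rtu": 0.5}},
    "full_port_sweep": {"risk": 10.0, "p_yes": {"relay": 0.95, "plc": 0.95, "rtu": 0.9}},
}

def entropy(belief):
    """Shannon entropy in bits: how uncertain the current belief is."""
    return -sum(p * math.log2(p) for p in belief.values() if p > 0)

def update(belief, probe, positive):
    """Bayes' rule: posterior is proportional to likelihood times prior."""
    like = {d: (p if positive else 1 - p) for d, p in PROBES[probe]["p_yes"].items()}
    joint = {d: like[d] * belief[d] for d in belief}
    total = sum(joint.values())
    return {d: v / total for d, v in joint.items()}

def expected_gain(belief, probe):
    """Expected entropy reduction (bits) if the probe were sent."""
    p_yes = sum(PROBES[probe]["p_yes"][d] * belief[d] for d in belief)
    after = 0.0
    for positive, p in ((True, p_yes), (False, 1 - p_yes)):
        if p > 0:
            after += p * entropy(update(belief, probe, positive))
    return entropy(belief) - after

def next_probe(belief, threshold=0.9):
    """Pick the probe with the best gain per unit risk; None once confident."""
    if max(belief.values()) >= threshold:
        return None  # confident enough: send no further active traffic
    return max(PROBES, key=lambda n: expected_gain(belief, n) / PROBES[n]["risk"])
```

With these constructed numbers the high-risk sweep is never chosen: every device type answers it almost identically, so it adds little confidence for its cost.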
AUTHORS
Pacific Northwest National Laboratory
Richland, Washington, United States
Thomas Edgar is a Senior Cyber Security Research Scientist at the Pacific Northwest National Laboratory. Throughout his career, Edgar has worked in the fields of secure communications protocols, cryptographic trust management, insider threat, security standards, and scientific approach to security and is the Co-PI for the powerNET and cyberNET testbeds. Thomas' research interests include the scientific underpinnings of cyber security and applying scientific based cyber security solutions to enterprise and critical infrastructure environments. His expertise lies in scientific process, critical infrastructure security, cyber forensics, network security, and testbed and experiment construction. Thomas' educational background consists of a B.S. and M.S. in Computer Science from the University of Tulsa with a specialization in Information Assurance.
Pacific Northwest National Laboratory
Richland, Washington, United States
Shwetha Niddodi has been a Senior Software Engineer at PNNL since May 2016. Before joining PNNL, she worked as a software engineer in a private company in India. At PNNL, she works on building and grid related software infrastructure and cyber-security related projects. Her research interests include distributed software platforms that can support existing and future buildings and power grid applications with focus on distributed hierarchical agent-based control, group/cluster management, group discovery and fault tolerance, and cyber security in smart buildings and power grids. Shwetha has a B.E. in Electronics and Communication from the Visvesvaraya Technological University in India and an M.S. in Computer Engineering, Washington State University.
Pacific Northwest National Laboratory
Richland, Washington, United States
Theora R Rice is a Cyber Security Researcher in PNNL's National Security Directorate. She holds both B.S. and M.S. degrees in Computer Science from the University of Idaho and studied as a recipient of the National Science Foundation Scholarship for Service. Her interest and passion for industrial control systems and critical infrastructure cyber security formed in her academic years and were the focus of her master’s thesis. Throughout her career Ms. Rice has worked with academic, industry, and government agencies to further expand her knowledge and contribute research in the critical infrastructure security field. Her current research foci include building cyber-physical testbeds for industrial control system security research, energy delivery system forensics, and developing scientific methodology for cyber security experimentation.
Pacific Northwest National Laboratory
Richland, Washington, United States
William (Bill) J. Hofer, a Cyber Security Engineer, has been at PNNL since July 2016. During his time at the lab, he has worked on engineering tasks related to deception for Cyber-Physical Systems, automated deployment of cluster-based enterprise environments, and has been an administrator of the CyberNET testbed. Bill’s research interests include cloud engineering, scientific experimentation on cyber-related issues, testbed experimental design, cyber-physical system security, and computer and network security. Bill studied at Dakota State University in South Dakota and received a B.S. in Computer and Network Security with a specialization in cyber operations and an M.S. in Information Assurance.
Pacific Northwest National Laboratory
Richland, Washington, United States
Garret Seppala, a Cyber Security Engineer, has been at PNNL since July 2016. He received a B.S. in Software Engineering from Oregon Institute of Technology. Mr. Seppala's expertise lies in software development, but he has been branching out to new cyber security related fields through multiple projects where his roles have included manipulating authentication protocols, tinkering with embedded devices, preparing experimental environments for a “red team” attempt to infiltrate, and programming automated human behaviors across a virtual network of terminals.
Pacific Northwest National Laboratory
Richland, WA, United States
Kristine Arthur-Durett has been a Cyber Security Researcher at Pacific Northwest National Laboratory (PNNL) since February of 2015. Her research experience includes situational awareness, metrics and analysis of cyber data, risk and loss analysis, and experimental design. Her interests include using a variety of mathematical and statistical techniques to describe and understand cyberspace and its interactions with the physical world. Kristine’s education includes a B.S. in Mathematics and an M.S. in Information Assurance and Security from Purdue University.
Pacific Northwest National Laboratory
Richland, Washington, United States
Matt Engels is a Power Engineer in PNNL's Environment and Energy Directorate. He holds a B.S. and M.S. in Electrical Engineering from Washington State University and is currently pursuing his Ph.D. in Electrophysics/HPC. Mr. Engels' work at PNNL includes network security of SCADA energy delivery systems, secure control system communication, Hardware-in-the-Loop simulations, and microgrid analysis and control, including applied fieldwork. Prior to his work at PNNL, Mr. Engels worked as instrumentation and simulation engineer at the Hanford Waste Vitrification Plant, developed energy metering products at Schweitzer Engineering Laboratories, and served as a field engineer in the nuclear waste industry. He has also taught undergraduate electrical engineering courses as an adjunct faculty at Washington State University. Mr. Engels has co-authored numerous papers, reports, and presentations on various aspects of cyber security and microgrids.
Pacific Northwest National Laboratory
Richland, Washington, United States
Dr. David O Manz is a Senior Cyber Security Scientist in PNNL's National Security Directorate. He holds a B.S. in Computer and Information Science from the Robert D. Clark Honors College at the University of Oregon and a Ph.D. in Computer Science from the University of Idaho. Dr. Manz's work at PNNL includes enterprise resilience and cyber security, secure control system communication, and critical infrastructure security. Underlying his research is an application of relevant research methods for cyber security (Cyber Security Science). Prior to his work at PNNL, Dr. Manz spent five years as a researcher on Group Key Management Protocols for the Center for Secure and Dependable Systems at the University of Idaho (U of I). Dr. Manz also has experience teaching undergraduate and graduate computer science courses at U of I, and as an adjunct faculty member at Washington State University. He has co-authored numerous papers and presentations on cyber security, control system security, and cryptographic key management.
Published In
Journal of Information Warfare