Breakout Discussion Sessions

Subject to change. Updates will be posted as they become available.

We are planning to address the following hot topics during our breakout discussion sessions. All three topics will be featured during both breakout sessions on the agenda. Therefore, participants will have an opportunity to participate in two of three breakout discussion topics.

Cyber Supply Chain Provenance and Protection
Session Chair:
Dennis Gammel, Schweitzer Engineering Laboratory

Issues of supply chain and provenance continue to be a significant concern in multiple EDS sectors. The globalization of manufacturing and development has resulted in chips, subassemblies, and firmware coming from multiple providers, some of whom are offshore. As the threat environment in the energy sector has changed over the last several years, compromise of software and hardware has become an increasing concern. For example, on September 12, 2012, Telvent Canada, a subsidiary of Schneider Electric, reported that it had learned of a breach of its internal firewall and security systems. Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies. OASyS SCADA is used predominantly by the O&G sector, where Telvent has significant market share. Additionally, FERC has required that a cyber supply chain standard be developed for the electric grid. With the impact of cyber supply chain analysis falling on combination gas-electric distribution utilities, other industry segments may feel similar pressures. Understanding and managing supply chain issues supports the Roadmap strategy “Assess and Monitor Risk.” Measures to ensure provenance or prove correctness of modules (that a module achieves its stated function and nothing more) support the strategy “Develop and Implement New Protective Measures to Reduce Risk.”

Engineering Secure EDS
Session Chair:
Zachary Tudor, Idaho National Laboratory

The world is full of threats that we don’t understand and vulnerabilities that are not apparent. Maintaining compliance with cyber-security regulations and industry standards demands ever-increasing resources without any promise of successfully preventing or mitigating attacks, and there are far more security and resilience tools and technologies available than can possibly be implemented by any one energy delivery entity. The observation that “Just because a patch’s CVSS score is critical does not mean it is critical in our environment due to where it is deployed or what other mitigating controls might be in place” suggests that a different world view of how to achieve cyber-security and cyber-resilience is needed. Researchers are beginning to look at the problem from more systems-engineering viewpoints, such as INL’s consequence-based, cyber-informed engineering (CCE), and NIST’s recent publication Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. What tools and technologies need to be developed in order to support utilities in adopting a systems engineering approach to the design and operation of their cyber-security/cyber-resilience operations? This topic supports the Roadmap strategies “Sustain Security Improvements” and “Develop and Implement New Protective Measures to Reduce Risk.”

PKI in Current and Emerging EDS
Session Chair:
Sean W. Smith, Dartmouth College

One important characteristic of secure and resilient systems is that end points of the system are certain that the data and commands that they receive come from legitimate/expected sources (end-point authentication). Security for SCADA protocols in particular is a relatively recent arrival, and the initial approach to end-point authentication in the recent protocol proposals is based on self-generated public/private key pairs – which pushes the problem to authentication of the binding between a particular public key and some device. In the IT world this role has been fulfilled by Public Key Infrastructures (PKIs), but the path to adoption of this solution in the OT world is far from clear:

  • There are issues of scale.
  • There are issues of operation and administration, including integration with existing databases of utility equipment.
  • There are issues of interaction with third parties (if a private PKI is adopted).
  • There are potentially new risks to operations associated with the PKI itself.
  • Classical IT PKI practice assumes connectivity for purposes of time synchronization and credential revocation, but isolation is preferred for OT networks. How can this dilemma be resolved? Or can the isolation be exploited to simplify the system?
  • Is the overhead of public-key cryptography too high for these settings? (Computational power? Bandwidth? Increased latency for messages?)
  • What trust structures are required? (In other PKIs, once things work with more than one certificate authority, or CA, complexity ensues.)
  • What about revocation?

This topic supports the Roadmap strategy “Develop and Implement New Protective Measures to Reduce Risk.”