Even the strongest critical IT and cybersecurity defense systems can’t function if the power goes down.
Today’s adversaries are capable of unleashing cyberattacks on the nation’s critical infrastructure that can be as devastating as a hurricane’s path of destruction. An electrical disruption such as a blackout can have a domino effect, serving as a catalyst for a series of failures that can take the systems and services at the core of our daily lives—banking, communications, traffic, life-saving medical equipment, and even the Internet—offline.
But while a natural disaster has no intentional plan of attack, a hacker can create, uncover, and exploit vulnerabilities, choosing targets strategically to maximize disruption, jeopardizing national security and privacy, and even threatening lives.
Threats that target utilities and critical infrastructure are real, and they’re testing the resiliency of our cities and regions.
A Unique Target
With the escalation of state-sponsored cyber warfare in the Russia-Ukraine conflict, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning in January 2022 that encouraged critical infrastructure operators to adopt a heightened state of awareness and to conduct proactive threat hunting.
Control system operators face an underlying, persistent cyber and reliability risk. The technology that makes our infrastructure intelligent and flexible—cyber-physical systems known as Operations Technology (OT)—also leaves it uniquely vulnerable. The more intelligent the system, the greater the need to protect it.
OT systems are different from IT systems in their technology and operation. Today’s commercial cybersecurity protection systems tend to focus on intrusion detection and configuration assurance for administrative desktops and servers, not the OT controllers used in supervisory control and data acquisition (SCADA) systems, such as electric grid protection relays and controllers for feeders, buses, and transformers. The typical antivirus agent found on a laptop computer does not exist on OT equipment, which is not Windows- or Linux-based and instead runs embedded real-time operating systems.
And much of this equipment is older and based on serial communications, which makes it inaccessible to IP-based IT monitoring solutions. This inaccessibility creates a “serial blind spot” for operators, cyber protection teams, and cyber first responders that translates into significant risk.
The lack of situational awareness allows adversaries to lurk undetected, performing reconnaissance and compromising critical infrastructure, as occurred in the Ukraine power grid attack in 2015.
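To make the “serial blind spot” concrete, here is an added example of what a passive serial-line monitor has to do before any detection logic can run: reassemble frames from a serial tap, verify their checksums, and apply operator-defined rules to what the devices are being told to do. This is illustrative code written for this article, not Peraton’s or EnergyDefender’s implementation. It assumes Modbus RTU, a serial SCADA protocol the article does not name, and it assumes the tap has already split the byte stream into chunks at the 3.5-character silence that delimits RTU frames. The capture, the device allowlist, and the writable-register set are all constructed sample values.

```python
"""Passive monitor for Modbus RTU serial frames (constructed example).

Assumptions (not from the article): the serial tap delivers one chunk per
frame, delimited by the 3.5-character inter-frame silence, and the operator
supplies an allowlist of device addresses and of registers that may be written.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

# Function codes that change process state (coils / holding registers).
# A read-only polling master should never send these, so they get scrutiny.
WRITE_FUNCTIONS = {0x05, 0x06, 0x0F, 0x10}


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, no final XOR."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(unit: int, function: int, payload: bytes) -> bytes:
    """Assemble an RTU frame; the CRC travels low byte first on the wire."""
    body = bytes([unit, function]) + payload
    return body + crc16_modbus(body).to_bytes(2, "little")


@dataclass
class Frame:
    unit: int
    function: int
    payload: bytes
    crc_ok: bool


def parse_frame(chunk: bytes) -> Optional[Frame]:
    """Decode one silence-delimited chunk; returns None for runt frames."""
    if len(chunk) < 4:  # unit + function + 2-byte CRC is the minimum
        return None
    body, crc_field = chunk[:-2], chunk[-2:]
    crc_ok = crc16_modbus(body) == int.from_bytes(crc_field, "little")
    return Frame(unit=body[0], function=body[1], payload=body[2:], crc_ok=crc_ok)


@dataclass
class Policy:
    allowed_units: Set[int]        # device addresses expected on this line
    writable_registers: Set[int]   # registers a write may legitimately target


def check_frame(frame: Frame, policy: Policy) -> List[str]:
    """Apply operator-defined rules to one decoded frame; returns alert strings."""
    alerts: List[str] = []
    if not frame.crc_ok:
        # Line noise, a failing transceiver, or bytes that did not come from the master.
        alerts.append(f"unit {frame.unit}: CRC mismatch on fc 0x{frame.function:02x}")
        return alerts
    if frame.unit not in policy.allowed_units:
        alerts.append(f"unit {frame.unit}: traffic to device address not in allowlist")
    if frame.function & 0x80:
        code = frame.payload[0] if frame.payload else -1
        alerts.append(f"unit {frame.unit}: exception response, code {code}")
    elif frame.function in WRITE_FUNCTIONS and len(frame.payload) >= 2:
        # All four write functions carry the (start) register address first, big-endian.
        register = int.from_bytes(frame.payload[:2], "big")
        if register not in policy.writable_registers:
            alerts.append(
                f"unit {frame.unit}: write fc 0x{frame.function:02x} "
                f"to register {register} outside the writable set"
            )
    return alerts


def monitor(chunks: List[bytes], policy: Policy) -> List[str]:
    """Run every captured chunk through the rules and collect the alerts."""
    alerts: List[str] = []
    for chunk in chunks:
        frame = parse_frame(chunk)
        if frame is not None:
            alerts.extend(check_frame(frame, policy))
    return alerts


# Constructed sample capture. The first frame is the textbook "read 10 holding
# registers from unit 1" request with its published CRC; the rest are built here.
GOOD_READ = bytes.fromhex("01 03 00 00 00 0A C5 CD")
WRITE_OK = build_frame(1, 0x06, (40).to_bytes(2, "big") + (500).to_bytes(2, "big"))
WRITE_BAD = build_frame(1, 0x05, b"\x00\x07\xff\x00")          # coil 7 is not writable
UNKNOWN_UNIT = build_frame(9, 0x03, b"\x00\x00\x00\x01")        # address 9 is not expected
CORRUPT = GOOD_READ[:-1] + bytes([GOOD_READ[-1] ^ 0x01])        # one flipped CRC bit
CAPTURE = [GOOD_READ, WRITE_OK, WRITE_BAD, UNKNOWN_UNIT, CORRUPT]
POLICY = Policy(allowed_units={1, 2}, writable_registers={40})

if __name__ == "__main__":
    for line in monitor(CAPTURE, POLICY):
        print("ALERT", line)
```

The useful property of this shape is that the CRC check and the allowlist rules work from the bytes on the wire alone, so the monitor needs no agent on the embedded controller and no IP address to reach it; the tap is the only thing added to the serial segment. Real deployments also have to handle the timing-based frame delimiting, half-duplex turnarounds, and request/response pairing that this example leaves to the tap.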
Enter EnergyDefender
EnergyDefender is a cyber integrity solution developed by Peraton that combines multiple novel analysis technologies beyond traditional traffic monitoring to hunt cyber threats and provide intervention and recovery solutions. Its emergency telemetry situational awareness capabilities even account for partial information and incomplete power grid sensing to predict the state of the grid. The result: accurate, real-time assessments of industrial control system (ICS) cybersecurity trustworthiness and asset readiness.
EnergyDefender was developed by Peraton Labs with support from the Department of Energy and two Defense Advanced Research Projects Agency (DARPA) national security programs—Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) and Leveraging the Analog Domain for Security (LADS)—that anticipated today’s threat environment and the risks to our national security of cyberattacks of a kind and scale not seen before by infrastructure operators.
“With power grids, there is a lot of specific, proprietary technology, and protocols that are not commonly used in the IT environment,” said Stan Pietrowicz, research director, Applied Cybersecurity and Network Modernization, Peraton Labs. “There are lots of embedded systems—both for protection and to control the operations of physical systems like breakers, power generators, and pumps.”
Peraton delivers EnergyDefender as part of its SecureSmart™ critical infrastructure protection solution line, which has technologies designated as Cyber Catalysts by Marsh® and recognized by the eight largest cyber insurance companies to provide risk reduction.
What Sets EnergyDefender Apart
EnergyDefender offers a unique five-vector analysis solution. It supplements today’s traffic analysis with ICS protocol analysis, process telemetry state analysis, cyber emissions analysis, configuration analysis, and binary integrity analysis.
While EnergyDefender improves the continuous monitoring capabilities required to ensure ground-truth system health, it was designed as a cyber hunting tool. It possesses industry-leading capabilities to identify threats, stop them in their path, and even restore some field systems technology to its original firmware and functioning state, to ensure that field operations technology hardware, software, wireless, and networks are working properly.
And EnergyDefender can monitor serial infrastructure and provide emergency SCADA telemetry and traffic intervention to respond to attacks based on operator-defined rules.
Depending on their goals, a customer can pick and choose the analysis vectors that best suit their business needs—with both active and passive components—for a custom-tailored solution that can be deployed as either an operator-run product or a hosted continuous monitoring service (CMaaS).
Cyber threats are a part of daily life and pose a significant risk to critical infrastructure in the U.S. Peraton’s EnergyDefender safeguards the services that power the country and helps protect critical infrastructure operators from advanced cyber adversaries.