Next-gen network security for critical infrastructure
The U.S. Department of Energy (DOE) is funding a research team to develop a secure networking solution that reduces cyberattack exposure for U.S. industrial and utility mission-critical networks. The team, which includes representatives from Schweitzer Engineering Laboratories, Inc. (SEL), Veracity and Sempra Renewables, will focus on developing technology to reduce the cyberattack surface of energy delivery systems.
The project includes automating the identification of unwanted behavior, the containment of affected network areas and the rerouting of critical information. The ultimate goal is for critical energy delivery and control systems to remain safe and operational, even in the event of a cyberattack. The project team will create technology and methods to define security state policies and an automated system to manage the transition between security states. This will enable faster response to unauthorized traffic, streamline the identification and containment of affected networks and reroute critical information and control flows.
The project will deliver the following:
- A security state policy enforcer application that runs on the northbound interface of a flow controller.
- A DIN rail mount software-defined networking (SDN) Ethernet switch.
- An industrial control system extension to the open source SDN specification using the OpenFlow specification.
- The ability to apply an action to encrypt/decrypt packets on a per-flow basis and automate key management.
This project builds on the already successful completion of the DOE’s Watchdog and SDN projects, which were sponsored by the DOE’s Cybersecurity for Energy Delivery Systems (CEDS) program. These projects successfully introduced an SDN flow controller (SEL-5056) and a substation-hardened SDN switch (SEL-2740S) to market.