ARMORE project works to create safer grid for utility companies
Due to advancement in cyber attack methodology, many companies are being encouraged to employ thorough security measures to combat the increasingly widespread attacks. This is evident in the release of cyber security frameworks such as the NIST Cyber Security Framework that was created from Presidential Executive Order 13636. For instance, utility companies, in particular, need to go beyond just guarding their networks at the edge, and begin protecting at deeper network levels as well. The current edge-based firewall approach, as well as the lack of widely deployed security protections in existing protocols, presents problems that require new, resilient and intelligent protection schemes.
ARMORE's main goal is to take the security perimeter and extend the protection beyond just firewalls by pushing security further into the infrastructure. The effort focuses specifically on the energy sector to increase the security and resiliency of power grid operations.
The traditional Internet attack vector isn't the only one to worry about, but also all of the remote connection points, such as substations, and the communication of data from those locations, said Yardley, who will be leading the effort.
The group will be working to establish a distributed peer-based framework to enable security value-add to both legacy and modern systems in critical infrastructure, specifically for utility companies. This work will enhance edge-perimeter security practices with a system that deepens security protections for real-time communication capabilities in utility critical networks, including substations. ARMORE will enable fault-tolerant secure peer-based communications and enhance existing known and unknown protocols to include aspects like encryption, authentication and access control, in addition to providing for greater overall security by augmenting legacy energy sector protocols throughout the utility infrastructure. The ARMORE platform deployments are intended to be transparent to the systems running on the utility networks and also form the basis of a distributed framework for advanced computation, that could be leveraged to tackle the big data problems of the grid.
We need security and we want value added without breaking compatibility, Yardley said. We plan to do that transparently and for the system to be as easy to deploy as possible.
The researchers will be working with the Grid Protection Alliance (GPA), with support from Pacific Northwest National Lab and collaboration from various utility partners, to design the peer-based secure distributed communications and computational architecture. They are developing a prototype that will be able to leverage the hierarchy of utility networks and provide fault-tolerance and security enhancements. The system will be released as open source and utility focused testing will evaluate its effectiveness in performing high-speed, high fidelity secure distributed communications using a n advanced power systems testbed at Illinois and at other remote locations, such as GPA and interested utility partners.
The technology inherent to the design will operate through a concept of progressive enhancement, adding layers of protection with flexible selection, Yardley said.