The Defense Advanced Research Projects Agency (DARPA) announced that its RADICS program will now develop technology to detect and respond to cyber attacks on U.S. critical infrastructure. With the advancement, organizations will be able to pay special attention to those components critical to defense mission effectiveness.
With the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program, initially launched in 2016, industrial organizations can permit black start recovery of the power grid amidst a cyber-attack on the U.S. energy sector’s critical infrastructure, DARPA said in a news statement. Black start is the process adopted to restore power following a total or partial shutdown of the national electricity transmission system.
RADICS researchers developed technologies to provide enhanced situational awareness to grid operators by providing accurate and timely information about grid state before, during, and after an attack. Using this improved awareness, operators are better able to thwart an attack or blunt its effects before it can cause significant damage to any physical infrastructure.
To prevent an adversary from continuing attacks on a compromised network during recovery efforts, researchers also developed technologies that isolate emergency networks, allowing for secure responder coordination and communications, DARPA said.
Apart from improving situational awareness, DARPA RADICS researchers developed countermeasures to cyberattacks that were designed to corrupt configuration files, introduce malicious code in control systems, or perpetrate other types of damage. Among these countermeasures are tools that could automatically map and assess the state and configuration of electrical power networks, which helps operators to detect and characterize power-grid malware.
“Cyberattacks on the grid can essentially do two things – make the grid not tell you the truth, and make the grid operate in an unexpected way,” said Walter Weiss, program manager responsible for DARPA’s RADICS. “The technologies developed under RADICS help provide ground truth around grid status, giving responders the ability to quickly detect anomalies and then chart a path towards recovery.”
In order to test and evaluate new grid-saving tools developed by RADICS researchers, the program featured a custom-built testbed that replicates real-world conditions that utilities and first responders could encounter during a cyberattack.
To design the testbed, DARPA RADICS leveraged over a decade of testbed-architecture work by researchers (and program performers) based at the University of Illinois Urbana-Champaign (UIUC). The RADICS testbed consists of miniaturized substations that were designed to operate as they do in the real world, but with safeguards to protect the system and those operating the substations.
The substations are connected via power lines, forming a multi-utility crank path. With a crank path, power is generated to black start one utility that then powers the next utility and the next until the grid is fully restored. The testbed was designed around commonly deployed systems in North America and configured in ways that actual utilities use.
The UIUC team also implemented a distributed, modern computer network that allowed for essential data collection, dynamic reconfiguration, and adaptation of the environment, which was needed to meet the requirements that Weiss and his team at DARPA specified for the program.
“Testbeds are more than just hardware and software; they are the people, the knowledge, the data, and the assets that are necessary to build out an environment to serve the designed purpose,” said Tim Yardley, principal investigator responsible for the testbed effort at UIUC. “The RADICS testbed provided a state-of-the-art environment to explore the unknown, test theories and approaches, and accomplish what has never been tried before – live-fire cyberattacks on critical infrastructure systems in a controlled and observable way.”
Recently, researchers at the National Institute of Standards and Technology (NIST) announced the 4.0 version of the Smart Grid Framework. To push interoperability on the grid, the new version of the framework describes the economic and environmental benefits that could stem from enhanced interoperability and outlines a new strategy for supporting the development of interoperable devices and equipment. It also delivers guidance and resources for grid cybersecurity, which is becoming increasingly important as greater numbers of devices connect with the grid.
As the benefits of an interoperable grid provide improved connectedness and an increased flow of information between various parties, elements of the grid may become more vulnerable to malicious actors, NIST highlighted.
The North American Electric Reliability Corporation (NERC) also offers a set of mandated security requirements for the high-voltage elements of the grid, such as transmission lines. The framework offers resources to help fill in these gaps, including a cybersecurity risk profile for the smart grid. The profile, containing numerous security considerations specific to the grid, provides utilities and others with a structured method of assessing their current practices and identifying areas in need of beefed-up security.
The Cybersecurity and Infrastructure Security Agency (CISA) and sustainable energy company AVANGRID conducted a virtual tabletop exercise last week that tested and identified short-term and long-term recovery plans, business continuity, internal information sharing and communication plans that AVANGRID implemented since the beginning of the COVID-19 pandemic. Avangrid Networks has eight electric and natural gas utilities, catering to the needs of over 3.3 million users in New York and New England.