19 March 2017

DARPA awards contract to rapidly restore power grid after cyberattack
The Defense Advanced Research Projects Agency set out in 2015 to mitigate the effects of cyberattacks on the U.S. electrical grid — one of the quintessential fears of modern cyberwarfare.

The research agency recently awarded BAE Systems a contract under this program, the Rapid Attack Detection, Isolation and Characterization Systems, or RADICS, to develop technology that can quickly restore power to the grid following a fatal cyberattack.

DARPA’s program fits into three buckets, according to Victor Firoiu, senior principal engineer and manager of communications and networking at BAE: 

Technical area 1: detect anomalies and work to prevent cyberattacks. 

Technical area 2: assuming an attack was performed, isolate infected portions of the network and establish a secure emergency network to provide an alternative means of communication to other centers of the power grid. 

Technical area 3: forensics dealing with understanding the nature of the attack and cleaning up the network. 

BAE’s work is focused on technical area 2, Firoiu told FifthDomain. The company’s solution, Firoiu said, doesn’t just isolate the infected portions of the network; it also detects and disconnects unauthorized connections.

Next, the company coordinates with the affected sites to deploy a communications network. At this point, it may be safe to assume cell networks are down as a result of the cyberattack — though if they are online, they will be used — and thus, the teams must plan for enough capacity that all critical operations can be performed. The third and final step is the actual creation of the network, which involves tying together multiple wireless radio technologies to establish a secure emergency network.

This fits within some of the warnings and recommendations of the Defense Science Board’s recent report on cyber deterrence.

“Barring major unforeseen breakthroughs in the cyber defense of U.S. civilian critical infrastructure, the United States will not be able to prevent large-scale and potentially catastrophic cyber attacks by Russia or China; for the foreseeable future, we will have to rely heavily on deterrence by cost imposition,” the report noted.

Under the common models of deterrence, DARPA’s RADICS program fits within the model of deterrence by denial. Under this model, systems are made so resilient and secure that attacks would be futile.

Foreign cyber actors

Hacks of the electrical grid and other elements of critical infrastructure are not out of the realm of possibility, given that malware has been placed on these systems for reconnaissance, or to generate effects at a time of the attacker’s choosing. Russia is believed to be behind the first-ever instance of a power outage caused by means of cyber tools. Iran was also behind an intrusion into the systems of a dam in New York, for which the perpetrators were indicted.

On the topic of key cyber deterrence challenges, the Defense Science Board report notes: “Lesser powers’ (e.g., Iran and North Korea) and potentially non-state actors’ possible ability, through increasingly available cyber tools — indigenous, purchased, or transferred — to conduct catastrophic attacks on U.S. critical infrastructure.”

Attacks of significant consequence on the electrical grid could impair the operations of defense installations on U.S. soil, Firoiu said.

In terms of how each technical area will interface, Firoiu said the indications from technical area 1 of locations affected by the cyberattack will be fed to the teams associated with technical area 2 to intervene quickly at affected sites to isolate the network and establish alternate means of communication.

In addition to isolating the networks, Firoiu said, the teams associated with technical area 2, including BAE and its solution, will collect and pass traffic from the secure emergency network to the forensic teams associated with technical area 3 for further analysis. They will also be looking at this traffic to see whether the cyberattack is continuing across affected sites.

The DARPA program is currently in the first of three phases, which involves research and prototypes. Each phase lasts 16 months, for a total of four years, Firoiu said, and each involves multiple partners across and within each technical area. He added that, once the program is complete, there are a multitude of organizations into which DARPA will want to incorporate this solution, as is standard, including the Department of Homeland Security and/or the Industrial Control Systems Cyber Emergency Response Team.
