Cybersecurity solutions for critical energy infrastructure are imperative, and they must be carefully engineered to yield reliable systems. Cybersecurity for the modernized power grid is bringing together two different communities: information technology (IT) and operational technology (OT). The IT and OT environments differ in important ways, but each can gain benefits from the other. It is therefore necessary to adapt IT in order to develop tailored cybersecurity protections for OT systems. To address this situation, the Department of Energy (DOE) established the Cybersecurity for Energy Delivery Systems (CEDS) R&D program. CEDS envisions and supports the design, installation, operation, and maintenance of resilient energy delivery control systems capable of surviving a cyber incident while still sustaining critical functions.
This presentation will review various CEDS R&D projects in which Schweitzer Engineering Laboratories (SEL) has been involved, including an overview of Operational Technology-Software Defined Networking (OT-SDN). The goal of the Watchdog project was to develop a managed switch with an integrated deny-by-default, all-layer firewall and network access control. Watchdog performs deep packet inspection using a whitelist configuration approach to establish a set of known, allowed communications, and it quarantines malicious traffic and unregistered devices. By leveraging software-defined networking (SDN) technology, the Chess Master project developed a security validation and policy enforcement application that connects to a flow controller managing all field networks centrally. The project identified unexpected cyber activity to help prevent an intrusion and developed pre-engineered responses to adapt and survive should an intrusion occur. Visualization tools for threat situational awareness provided operators with a global view of the status of their entire network.