| Detection and Analysis of Threats to the Energy Sector: DATES | |
| Alfonso Valdes | |
| 关键词: ENERGY SYSTEMS; SABOTAGE; DETECTION; COMPUTERIZED CONTROL SYSTEMS; HUMAN INTRUSION; ALGORITHMS; MONITORING; SECURITY; | |
| DOI : 10.2172/1010661 RP-ID : None PID : OSTI ID: 1010661 Others : TRN: US201109%%2 |
|
| 美国|英语 | |
| 来源: SciTech Connect | |
 PDF
|
|
【 摘 要 】
This report summarizes Detection and Analysis of Threats to the Energy Sector (DATES), a project sponsored by the United States Department of Energy and performed by a team led by SRI International, with collaboration from Sandia National Laboratories, ArcSight, Inc., and Invensys Process Systems. DATES sought to advance the state of the practice in intrusion detection and situational awareness with respect to cyber attacks in energy systems. This was achieved through adaptation of detection algorithms for process systems as well as development of novel anomaly detection techniques suited for such systems into a detection suite. These detection components, together with third-party commercial security systems, were interfaced with the commercial Security Information Event Management (SIEM) solution from ArcSight. The efficacy of the integrated solution was demonstrated on two testbeds, one based on a Distributed Control System (DCS) from Invensys, and the other based on the Virtual Control System Environment (VCSE) from Sandia. These achievements advance the DOE Cybersecurity Roadmap [DOE2006] goals in the area of security monitoring. The project ran from October 2007 until March 2010, with the final six months focused on experimentation. In the validation phase, team members from SRI and Sandia coupled the two test environments and carried out a number of distributed and cross-site attacks against various points in one or both testbeds. Alert messages from the distributed, heterogeneous detection components were correlated using the ArcSight SIEM platform, providing within-site and cross-site views of the attacks. In particular, the team demonstrated detection and visualization of network zone traversal and denial-of-service attacks. These capabilities were presented to the DistribuTech Conference and Exhibition in March 2010. The project was hampered by interruption of funding due to continuing resolution issues and agreement on cost share for four months in 2008. This resulted in delays in finalizing agreements with commercial partners, and in particular the Invensys testbed was not installed until December 2008 (as opposed to the March 2008 plan). The project resulted in a number of conference presentations and publications, and was well received when presented at industry forums. In spite of some interest on the part of the utility sector, we were unfortunately not able to engage a utility for a full-scale pilot deployment.
【 预 览 】
| Files | Size | Format | View |
|---|---|---|---|
| RO201704240002660LZ | 1716KB |  download |
878987797
028-85220240
