Bridging The Gap Between Industry And Academia 14 th Annual Security & Compliance Summit Anaheim, CA Dilhan N Rodrigo Managing Director-Smart Grid Information Trust Institute/CREDC University of Illinois at Urbana-Champaign
I will discuss The challenge Growing threat to the nation s critical energy delivery system (EDS) Importance of collaboration between industry and academia Why cutting edge research is needed Examples of when I-A collaboration worked well Hope for the future.. Value proposition Acknowledgment - This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780. Disclaimer - This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. cred-c.org 2
About CREDC Multidisciplinary research and development Ten academic research institutions Two national labs Industrial advisory board and participation Cybersecurity and cyber-resiliency of Energy Delivery Systems (EDS) Supports Roadmap to Achieve Energy Delivery Systems Cybersecurity R&D ecosystem that leads directly to applications and methodologies that are validated in realistic contexts Funding U.S. Department of Energy Office of Electricity Delivery & Energy Reliability U.S. Department of Homeland Security Science & Technology Directorate Industry Membership Support cred-c.org 3
CREDC Partners cred-c.org 4
Lets Talk Priorities Different priorities and motivators for industry and academia? cred-c.org 5
The Challenge The U.S. electric grid covers of over 700,000 miles of transmission lines and over 55,000 substations linking over 7,000 power plants to around 150 million customers The U.S. energy pipeline network covers over 2.9 million miles of pipeline transporting natural gas, oil, and hazardous liquids These vast networks are the critical backbone of U.S. energy supply, supporting the vast majority of U.S. economic activity and playing a vital role in national defense Physical threats to the U.S. power grid and pipelines have long worried policymakers, cyber threats to the computer systems that operate this critical infrastructure are an increasing concern Over the past decade, cyber threats against energy infrastructure have grown in frequency and severity. While most of these threats have been against the electric subsector, pipeline systems have also faced growing risk to their information communications technology cred-c.org 6
The Challenge Surveys indicate a shortage of cybersecurity skills Millennials consider utilities last century organizations Hacking the Skills Shortage-McAfee Bureau of Labor Statistics cred-c.org 7
Why cutting edge research is needed The landscape is changing and evolving.. cred-c.org 8
Collaborative R&D Ecosystem cred-c.org 9
Examples of when I-A collaboration worked well cred-c.org 10
Technology Transition under TCIP/TCIPG AMILYZER Monitors traffic among meters and access points at the network, transport, and application layers to ensure that devices are running in a secure state and that their operations respect a specified security policy Has been successfully deployed by a utility partner since December 2012 and is currently monitoring a 100,000-meter AMI deployment NETWORK PERCEPTION Tool that analyzes security vulnerabilities in networked systems Developed and commercialized the NP-View tool to help power utilities prepare for NERC CIP audits cred-c.org 11
Hope for the Future INCREASING CYBER-RESILIENCE OF LARGE-SCALE AND LONG-LIVED ENERGY DELIVERY INFRASTRUCTURE (EDI) How to protect against 0-days and forever-day vulnerabilities? Developing open source automated parser generator for general use by industry Early industry partner incorporating secured DNP3 parser to their technology Potential for wide spread impact on security products by multiple vendors cred-c.org 12
Hope for the Future FAST AND SCALABLE AUTHENTICATION IN ENERGY DELIVERY SYSTEMS Focused on authenticating communications using sound cryptography and key-related techniques between the field devices and control room Multiple industrial partners involved from beginning Macaroon-based lightweight TLS replacement tool and demonstration on its effectiveness on the MQTT protocol with industry partner cred-c.org 13
Benefits of working with Academia Exposure to a knowledge base larger than a single organization leading to: More informed decisions about technology investments Foreknowledge of emerging threats Discovery and use of tools that give better insight into what systems are doing Access to future employees and workforce development Influence development of technology that address specific problems Gives a sounding board for questions about emerging technologies Low cost high quality research Lower risk exposure Helping the nation! Cyber-security of critical infrastructure is a team sport cred-c.org 14
Thank You! http://cred-c.org @credcresearch info@cred-c.org drodrigo@illinois.edu facebook.com/credcresearch/ www.linkedin.com/company/credcresearch/ cred-c.org 15