The lab’s Cyber Physical Systems Security and Resilience Centre created the test bed which resulted in the discovery of a vulnerability and the eventual development of stronger systems, reported UtilityDive. [UL adopts new standards for testing cybersecurity tech]
The increased adoption of smart technologies toward the development of a smarter grid raises vulnerability to attack – this according to US government officials.
NREL’s testing methods include developing control systems and then searching for ways to break in.
Erfan Ibrahim who heads up a team at the NREL’s Cyber Physical Systems Security and Resilience Centre is supporting an effort to build the “Test Bed for Secure Distributed Grid Management.”
The test bed is said to “mimic the communications and control functions of a utility power system and allows friendly hackers to search for and correct vulnerabilities.”
UtilityDive adds that the team has located a single vulnerability in the test bed, which was traced to a misconfigured cybersecurity device.
This single vulnerability was reported to be sufficient for a hacker to gain admin rights and then launch a denial of service attack that disabled the test bed.
In an article published by the US Department of Energy (DoE), Ibrahim said: “In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn’t work from a protection perspective.
“Now we’re sharing our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to systemically protect critical infrastructure.”
[quote] Following the revelation of the vulnerability at Cyber Physical Systems Security and Resilience Centre, one cybersecurity firm made improvements to its own product after running tests on the test bed, reported the US DoE.
“Before you go deploying something out in the field, don’t just take a point test in the lab and extrapolate to production; you need something in between,” Ibrahim added.
“That’s the test bed. We can scale up and run full-scale experiments—some real, some simulated—before a company goes into production with a new product.”
Image credit: www.forbes.com