Partnership to demonstrate automated vulnerability detection for smart grid


Oak Ridge, TN, U.S.A. — (METERING.COM) — October 18, 2011 – EnerNex, Sensus and Oak Ridge National Laboratory (ORNL) have announced a partnership to conduct a demonstration of the Automated Vulnerability Detection (AVUD) system for cyber security vulnerability detection in smart grid components.

The system, known as the Function Extraction or FX system, will apply the newly developed technology of software behavior computation. Initially the focus will be on improving security in software that controls smart meters.

As part of the joint collaboration, Sensus is providing smart meter architecture, firmware and source code to be evaluated, EnerNex is contributing expertise in evaluating smart grid utility technologies, and ORNL devised the FX technology evaluation platform to perform static analysis of the compiled software and device firmware.

FX technology is a powerful analytical technique that will be used to compute the behavior of software in all circumstances of use to determine everything it does, and to detect the inclusion of vulnerabilities in smart grid components.

By directly analyzing the compiled software, AVUD will be able to detect the inclusion of both unintended and maliciously inserted vulnerabilities. Based on this information mitigations for these vulnerabilities can be recommended.

According to Sandy Bacik, principal consultant, AVUD co-principal investigator at EnerNex, once the AVUD project is complete, the FX technology could prove beneficial in the development life cycle for smart grid components in tandem with ongoing quality assurance testing.

“The software present in smart meters is the initial target for this effort,” Bacik said. “While testing can only provide information about the specific scenarios actually observed, static analysis with FX can provide information about system behavior under any circumstances of use, and provides a significantly more robust means of vulnerability detection.”

The AVUD project is being funded by the U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability.