DARPA looks to help utility companies survive power grid cyberattacks
- By Mark Pomerleau
- Dec 16, 2015
U.S. government officials and experts have been warning for some time of the vulnerability of the nation’s critical infrastructure, particularly the power grid. A successful cyberattack on the grid could take power offline, creating an unthinkable scenario of chaos and expense.
The Defense Department’s research arm is seeking to do something about this vulnerability with regard to both prevention and response. The Defense Advanced Research Projects Agency has released a Broad Agency Announcement for its Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program to research methods for enabling early detection of cyber threats to the power grid infrastructure as well as reducing the time for power restoration.
RADICS seeks not only to address today’s key dependencies on the grid, but also to focus on how they will evolve over the next 10 years. As the solicitation notes, industrial control systems for utilities have been hosted on an infrastructure that made them immune from cyber threats. However, over the past two decades, costs have driven a convergence of conventional information technologies with industrial control systems, opening up ICSs to cyber vulnerabilities via Internet connections and connections to other systems.
DARPA maintains that the goal of the program is to enable the restoration of power within days of an attack that overwhelms the recovery capabilities of affected organizations. “Although utilities are increasingly focused on their cyber-defense needs, the process of identifying, purchasing and installing commercial host-defensive technologies across the industry may take many years,” a release from DARPA said regarding the need for the RADICS solicitation. Currently, the restoration process could take weeks, a time period DARPA wants to significantly reduce.
“If a well-coordinated cyberattack on the nation’s power grid were to occur today, the time it would take to restore power would pose daunting national security challenges,” said John Everett, DARPA program manager. “Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”
DARPA noted that in order for proposers to fall into the scope of the program, they should avoid depending on utilities to deploy any proposed technologies prior to an attack, as these organizations allocate their capital investments to maintain short- and long-term economic viability, and these new capabilities would be pretty far-off.
Transition of the technologies developed under RADICS to partners such as Cyber Command, ICS-CERT, National Guard Cyber Protection Units, the Army Corps of Engineers, and/or commercial cybersecurity firms is a big part of the program.
DARPA also warned that proposers should be prepared for a worst-case financial environment when developing technologies. Limited budgets and competing demands for capital investment could result in insufficient adoption of these technologies, the notice said.
While early detection of cyber threats – prior to deployment – is ideal, DARPA noted that this could be difficult to achieve. As such, situational awareness following an attack or incident is essential to respond. Rapid and accurate triage of affected infrastructure will improve overall recovery planning and execution, the notice stated.
Since attacks can continue on systems connected to the Internet following initial detection, isolation of affected systems is essential. As such, alternative communication links must be established in the event parts of a system need to be shut down to prevent the spread of an attack.
“Isolating affected utilities from the Internet would enable recovery efforts to proceed without adversary surveillance and interference…and providing an alternative means for online coordination would enable a more orderly restoration of power among affected organizations,” Everett said.
RADICS includes five technical areas: situational awareness, network isolation, threat analysis, testbed and sandbox provider, and system evaluator and exercise coordinator. Multiple awards can be made for technical areas 1, 2 and 3, while there will only be single awards for technical areas 4 and 5.
RADICS will be a four-year program with three 16-month phases. Phase 1, called the “steel thread,” will focus on developing end-to-end systems and core technical capabilities with demonstrations and evaluations of technical areas 1, 2 and 3 during the sixth month. An initial test will take place during month nine to familiarize performers with issues cyber first responders could encounter. Phase 2, or “robust capability,” will extend Phase 1 capabilities to produce systems and tools suitable for use by engineers with two exercises, one of which will involve cyber first responders. Last, the “transition” phase will focus on producing scalable, efficient and deployable capabilities. Three exercises will take place and will be considerably larger in scale than those in Phase 2.
DARPA anticipates the program will begin on July 1, 2016. Proposals are due on Feb. 11, 2016.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.