Securing Civilian Infrastructure Systems from Cyberattacks

Livermore researchers are protecting critical networks through technologies that can identify and detect cyberattacks for improved system resilience.

Addressing the Increased Threat

Seeking political, economic, and military advantage, state-level adversaries—such as Russia, China, and North Korea—have developed capabilities to wage sophisticated cyberattacks on the U.S. as well as its allies and partners. In addition to posing a threat to the military and intelligence communities, cyberattacks could also catastrophically disrupt the nation's critical infrastructure systems, such as water, transportation, and energy. Other potential sources of cyberattacks include highly skilled groups and networks (the Islamic State of Iraq and Syria, for example) as well as individuals. Livermore is responding to threats from adversaries and highly skilled groups with a multilayered defense strategy. Key components of this strategy include ongoing research and development, partnerships with utilities and industry, and programs designed to identify cyberthreats and protect infrastructure systems.

Applying a Range of Capabilities

Cyberattacks by state-level adversaries pose a significant threat to key U.S. infrastructure systems.

Livermore is using a diverse group of scientific approaches to address the national cybersecurity threat, including:

  1. High-fidelity modeling and simulation of cyber–physical systems that simulate an infrastructure system at multiple scales;
  2. Machine learning and data analytics for threat detection and response that leverage the Laboratory's data science capabilities by taking information from multiple connected systems and gathering information about their behavior from various data points;
  3. Collaborative autonomy for cybersystems resilience that creates decentralized control systems so that an attack on a master node will not affect the security of all remaining nodes;
  4. Automated software assurance capabilities such as the Livermore-developed ROSE software infrastructure, which optimizes code on various computer platforms for identifying system vulnerabilities;
  5. Network characterization and security through the Laboratory's Network Mapping System (NeMS), an application that actively and passively scans a network to monitor activity and allows researchers to create models of those networks; and
  6. Cyber-risk and resilience efforts that include Livermore-developed methodologies to quantitatively measure or assess a system's risk.


Decentralizing Risk through Solar Panel Devices

The electrical grid manages distributed energy resources (DERs)—small grid-connected devices that can generate energy, such as solar photovoltaic systems—at its distribution management system control center. This centralized approach provides an attractive target for cyberattacks that could cause wide-scale grid disruption. To solve this problem, Livermore researchers are harnessing the computing power of real-time automation controllers (RTACs)—data devices attached to a solar panel's solar inverter that traditionally execute commands from the control center—to verify that directives from the system are valid and not malicious. Funded by the Department of Energy's Solar Energy Technologies Office, project researchers are developing an algorithm that enables RTACs in a defined area (such as a neighborhood or city) to cooperatively verify the control center's commands. The algorithm uses a distributed computing approach called collaborative autonomy, wherein the present estimated state, or health, of the grid (indicated by metrics such as voltage or currents at various locations) is compared to a projection of how healthy the grid would be if RTACs followed the management system's commands. If RTACs collectively determine that the commands would cause grid instability, they raise an alert to control center operators.
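An added illustration of the check described above, not Livermore's algorithm: each RTAC projects its local voltage under a proposed command, and the group alerts operators when a majority of projections leave an acceptable band. The linear sensitivity model, the 0.95 to 1.05 per-unit band, the majority quorum, and every name and value below are assumptions constructed for this example.

```python
from dataclasses import dataclass

V_MIN, V_MAX = 0.95, 1.05  # assumed acceptable voltage band (per-unit)

@dataclass
class Rtac:
    name: str
    v_now: float  # present estimated local voltage (per-unit)
    sens: dict    # assumed linear model: per-unit change per kW at each DER

    def project(self, command):
        """Projected local voltage if every DER applied its commanded change (kW)."""
        delta = sum(self.sens.get(der, 0.0) * dkw for der, dkw in command.items())
        return self.v_now + delta

    def vote_unsafe(self, command):
        """True when this RTAC's projection leaves the acceptable band."""
        return not (V_MIN <= self.project(command) <= V_MAX)

def verify_command(rtacs, command, quorum=0.5):
    """Collect one vote per RTAC; alert when more than `quorum` of them object.

    Votes are tallied in one function for brevity. In a decentralized
    deployment each RTAC would tally its peers' votes itself.
    """
    unsafe = sorted(r.name for r in rtacs if r.vote_unsafe(command))
    return {
        "alert": len(unsafe) / len(rtacs) > quorum,
        "unsafe": unsafe,
        "projected": {r.name: round(r.project(command), 4) for r in rtacs},
    }

# Constructed neighborhood of three RTACs and three constructed commands.
NEIGHBORHOOD = [
    Rtac("rtac-a", 1.01, {"rtac-a": 0.004, "rtac-b": 0.002, "rtac-c": 0.001}),
    Rtac("rtac-b", 1.02, {"rtac-a": 0.002, "rtac-b": 0.004, "rtac-c": 0.002}),
    Rtac("rtac-c", 1.00, {"rtac-a": 0.001, "rtac-b": 0.002, "rtac-c": 0.004}),
]
ROUTINE = {"rtac-a": 1.0, "rtac-b": -1.0, "rtac-c": 0.5}  # small adjustments
LOCAL = {"rtac-b": 8.0}                                   # one large change
SUSPECT = {"rtac-a": 8.0, "rtac-b": 8.0, "rtac-c": 8.0}   # large change everywhere

if __name__ == "__main__":
    for label, cmd in (("routine", ROUTINE), ("local", LOCAL), ("suspect", SUSPECT)):
        print(label, verify_command(NEIGHBORHOOD, cmd))
```

The `LOCAL` command pushes only one projection out of band, so the quorum is not met and no alert is raised; whether a single objecting device should escalate is a design choice this sketch leaves at the assumed majority rule.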

Livermore works to understand code inefficiencies and bugs—both intentional and unintentional—in software and firmware that reside in our critical networks.

Automated Threat Technology Protects California's Grid

Livermore is partnering with the state's largest utilities (Pacific Gas & Electric, SoCal Edison, and San Diego Gas & Electric) to help them increase cybersecurity of the power grid using a Machine to Machine Automated Threat Response (MMATR) approach. MMATR is expected to enrich and streamline the gathering of threat intelligence, lower the risk of cyberattacks, reduce the mean time to discovery of attacks, and increase grid resiliency. Funded by the California Public Utilities Commission, the California Energy Systems for the 21st Century (CES-21) five-year research and development project is leveraging the Laboratory's modeling and simulation capabilities to simulate cyberattacks on the grid. CES-21's goals are to understand and distinguish between legitimate threats and nuisance incidents, identify indicators for cyberattacks and determine how to detect them, and develop response strategies to mitigate impacts.

Future Directions

Livermore will focus on developing intelligent and self-healing systems that can detect and respond to traditional cyberthreats while maintaining resiliency and operability through varying degrees of compromise. It aims to design protection systems so that adversaries cannot disable an entire network through one critical attack. Such a system would protect the central node and allow only isolated portions of the network to fail in the event of a cyberattack.