Real-Time SCADA Cyber Protection Using Compression Techniques

The Department of Energy’s Office of Electricity Delivery and Energy Reliability (DOE-OE) has a critical mission to secure the energy infrastructure from cyber attack. Through DOE-OE’s Cybersecurity for Energy Delivery Systems (CEDS) program, the Idaho National Laboratory (INL) has developed a method to detect malicious traffic on Supervisory, Control, and Data Acquisition (SCADA) network using a data compression technique. SCADA network traffic is often repetitive with only minor differences between packets. Research performed at the INL showed that SCADA network traffic has traits desirable for using compression analysis to identify abnormal network traffic. An open source implementation of a Lempel-Ziv-Welch (LZW) lossless data compression algorithm was used to compress and analyze surrogate SCADA traffic. Infected SCADA traffic was found to have statistically significant differences in compression when compared against normal SCADA traffic at the packet level. The initial analyses and results are clearly able to identify malicious network traffic from normal traffic at the packet level with a very high confidence level across multiple ports and traffic streams. Statistical differentiation between infected and normal traffic level was possible using a modified data compression technique at the 99% probability level for all data analyzed. However, the conditions tested were rather limited in scope and need to be expanded into more realistic simulations of hacking events using techniques and approaches that are better representative of a real-world attack on a SCADA system. Nonetheless, the use of compression techniques to identify malicious traffic on SCADA networks in real time appears to have significant merit for infrastructure protection

Real Time Quantitative Radiological Monitoring Equipment for Environmental Assessment

The Idaho National Laboratory (INL) has developed a suite of systems that rapidly scan, analyze, and characterize radiological contamination in soil. These systems have been successfully deployed at several Department of Energy (DOE) laboratories and Cold War Legacy closure sites. Traditionally, these systems have been used during the characterization and remediation of radiologically contaminated soils and surfaces; however, subsequent to the terrorist attacks of September 11, 2001, the applications of these systems have expanded to include homeland security operations for first response, continuing assessment and verification of cleanup activities in the event of the detonation of a radiological dispersal device. The core system components are a detector, a spectral analyzer, and a global positioning system (GPS). The system is computer controlled by menu-driven, user-friendly custom software designed for a technician-level operator. A wide variety of detectors have been used including several configurations of sodium iodide (NaI) and high-purity germanium (HPGe) detectors, and a large area proportional counter designed for the detection of x-rays from actinides such as Am-241 and Pu-238. Systems have been deployed from several platforms including a small all-terrain vehicle (ATV), hand-pushed carts, a backpack mounted unit, and an excavator mounted unit used where personnel safety considerations are paramount. The INL has advanced this concept, and expanded the system functionality to create an integrated, field-deployed analytical system through the use of tailored analysis and operations software. Customized, site specific software is assembled from a supporting toolbox of algorithms that streamline the data acquisition, analysis and reporting process. These algorithms include region specific spectral stripping, automated energy calibration, background subtraction, activity calculations based on measured detector efficiencies, and on-line data quality checks and measures. These analyses are combined to provide real-time areal activity and coverage maps that are displayed to the operator as the survey progresses. The flexible functionality of the INL systems are well suited to multiple roles supporting homeland security needs

Radiological Monitoring Equipment For Real-Time Quantification Of Area Contamination In Soils And Facility Decommissioning

The environmental restoration industry offers several sys¬tems that perform scan-type characterization of radiologically contaminated areas. The Idaho National Laboratory (INL) has developed and deployed a suite of field systems that rapidly scan, characterize, and analyse radiological contamination in surface soils. The base system consists of a detector, such as sodium iodide (NaI) spectrometers, a global positioning system (GPS), and an integrated user-friendly computer interface. This mobile concept was initially developed to provide precertifica¬tion analyses of soils contaminated with uranium, thorium, and radium at the Fernald Closure Project, near Cincinnati, Ohio. INL has expanded the functionality of this basic system to create a suite of integrated field-deployable analytical systems. Using its engineering and radiation measurement expertise, aided by computer hardware and software support, INL has streamlined the data acquisition and analysis process to provide real-time information presented on wireless screens and in the form of coverage maps immediately available to field technicians. In addition, custom software offers a user-friendly interface with user-selectable alarm levels and automated data quality monitoring functions that validate the data. This system is deployed from various platforms, depending on the nature of the survey. The deployment platforms include a small all-terrain vehicle used to survey large, relatively flat areas, a hand-pushed unit for areas where manoeuvrability is important, an excavator-mounted system used to scan pits and trenches where personnel access is restricted, and backpack- mounted systems to survey rocky shoreline features and other physical settings that preclude vehicle-based deployment. Variants of the base system include sealed proportional counters for measuring actinides (i.e., plutonium-238 and americium-241) in building demolitions, soil areas, roadbeds, and process line routes at the Miamisburg Closure Project near Dayton, Ohio. In addition, INL supports decontamination operations at the Oak Ridge National Laboratory

Real-Time Remediation Utilizing The Backpack Sodium Iodide System And The U.S. EPA Triad Approach

Real-time characterization during remediation activities is being accomplished at the Idaho National Laboratory (INL) with the use of the backpack sodium iodide system (BaSIS). The BaSIS is comprised of a 3-in. by 5-in. sodium iodide (NaI) detector, differential corrected global positioning system (GPS), and portable computer, integrated into a lightweight backpack deployment platform. The system is operated with specialized software that allows the operator and/or remediation field manager to view data as they are collected. Upon completion of planned excavation stages, the area is surveyed for residual radiological contamination. After data collection is complete, data is available to the remediation field manager as a contour map showing the area(s) that require further excavation. The use of real-time measurement systems, rapid turn-around time of data, and dynamic work strategy support the U.S. Environmental Protection Agency’s (EPA) Triad approach. Decisions are made in real-time as to the need for further remediation. This paper describes the BaSIS system calibration, testing and use, and outlines negotiations with the appropriate CERCLA regulatory agencies (U.S. Environmental Protection Agency, Idaho Department of Environmental Quality, and U.S. Department of Energy Idaho Operations Office) to allow the use of real-time instrumentation during the remediation process, and for confirmation surveys. By using the BaSIS in such a manner, the INL seeks to demonstrate compliance with remediation objectives

Using System Dynamics to Define, Study, and Implement Smart Control Strategies on the Electric Power Grid

The United States electric power grid is the most complex and expansive control system in the world. Local generation control occurs at individual units based on response time and unit economics, larger regional control coordinates unit response to error conditions, and high level large-area regional control is ultimately administered by a network of humans guided by economic and resiliency related factors. Under normal operating conditions, the grid is a relatively slow moving entity that exhibits high inertia to outside stimuli, and behaves along repeatable diurnal and seasonal patterns. However, that paradigm is quickly changing because of the increasing implementation of renewable generation sources. Renewable generators by nature cannot be tightly controlled or scheduled. They appear like a negative load to the system with all of the variability associated with load on a larger scale. Also, grid-reactive loads (i.e. smart devices) can alter their consumption based on price or demand rules adding more variability to system behavior. This paper demonstrates how a systems dynamic modeling approach capable of operating over multiple time scales, can provide valuable insight into developing new “smart-grid” control strategies and devices needed to accommodate renewable generation and regulate the frequency of the grid

Modeling and Simulating Blast Effects on Electric Substations

A software simulation tool was developed at the Idaho National Laboratory to estimate the fragility of electric substation components subject to an explosive blast. Damage caused by explosively driven fragments on a generic electric substation was estimated by using a ray-tracing technique to track and tabulate fragment impacts and penetrations of substation components. This technique is based on methods used for assessing vulnerability of military aircraft and ground vehicles to explosive blasts. An open-source rendering and ray-trace engine was used for geometric modeling and interactions between fragments and substation components. Semi-empirical material interactions models were used to calculate blast parameters and simulate high-velocity material interactions between explosively driven fragments and substation components. Finally, a Monte Carlo simulation was added to model the random nature of fragment generation allowing a skilled analyst to predict failure probabilities of substation components