Research Themes

The fundamental idea behind zero-trust networking is to push provenance, authentication, integrity, and policy checking to edge devices in the network. In a zero-trust network compromised network devices might impede legitimate traffic, but edge devices are not fooled by corrupted traffic. Design and installation of zero-trust technology introduces significant added complexity to security management on edge devices. A real challenge is understanding if and how zero-trust networking can be effectively deployed in energy system OT networks.

The classic Purdue model for OT systems defines the system layers Enterprise, DMZ, Operational and Control, Process, and Physical, conceptualized as a “North-South” hierarchy. A layer is often treated as a single security zone, with security policies (such as Biba integrity) imposed between layers. The problem is that better trust management is also required within a layer, e.g., between RTUs within the Process layer. The challenge problem is to understand how to introduce so-called “East-West” management of security.

A significant factor that leads to compromised computer systems is design and implementation flaws in the software components. Security must be “baked in,” and part of that involves the methodologies and testing used in the development of that software. Those needs extend throughout the software’s entire lifecycle (requirements, planning, design, development, testing, deployment, maintenance).

New devices, applications, and systems designed to improve security are often envisioned without considering the dependence that the security they provide has on the security of the new entity itself. For example, introduction of PKI within an OT network necessitates introduction of a certificate server, which, if compromised or inaccessible, inhibits the security apparatus that depends on the PKI. The challenge is to identify techniques, methodologies, and/or analyses that help one to identify, consider, or forestall the risks attendant with introduction of that technology.

Advancing software and hardware technologies for protecting energy systems from cyber malfeasance.

Examples include:
• Intrusion detection tailored to energy systems
• Technologies for describing and analyzing cyber attacks and defenses in energy systems
• Hardware support for device identification
• Decision aids for application of security controls in energy systems
• Security for energy system micro-electronics
• Evaluation of access-control devices against formalized security policies typical in energy systems
• Many others that are focused on protection in energy systems

Grid modernization increases reliance on data for human and machine-assisted management of grid operations. Emerging technologies such as machine learning and other advanced analytics increase that data dependency by several orders of magnitude. New concepts like zero trust challenge traditional data architecture assumptions. Use of digital twins for near-real-time and real-time simulations requires data from multiple sources to describe operating conditions.

Examples include:
• Develop metrics that define data quality for training sets, e.g., including provenance information to mitigate data poisoning threats.
• Develop means of managing data and continuously assessing its trustworthiness in distributed and decentralized applications that include on-premise and cloud-based storage.
• Develop data schema standards to eliminate the friction of standardization and normalization of aggregated data from different sources.

Society is on the cusp of a new energy ecosystem, driven by requirements for efficiency and decarbonization as well as advances in energy sources, electric transportation, and market models. Realizing this vision will require a secure digital infrastructure for secure interoperability, trust relations among multiple stakeholder communities, secure and verifiable transactions, integration of non-conventional generation at multiple grid scales, and secure cloud operations.