
Power grids offer path to effective malware detection

Posted: 27 Jan 2015

Keywords: PFP Cybersecurity, power grid, Stuxnet, malware, DARPA

Security startup PFP Cybersecurity has developed an innovative technique to spot cyber attacks against power and manufacturing plants. By tracking trends in power consumption rather than relying on standard malware detection, the technology spotted Stuxnet in an experimental network before the malware began its destructive activity.

PFP Cybersecurity, which officially launches on Monday and was originally funded by DARPA, the U.S. Department of Defence, and the Department of Homeland Security, establishes the baseline power consumption of ICS/SCADA equipment such as programmable logic controllers (PLCs), supervisory relays, or other devices, and issues an alert when power consumption or RF radiation deviates from that baseline. Such changes could be due to malware, as well as to hardware or system failures, for instance.

The U.S. Department of Energy's Savannah River National Laboratory (SRNL) recently tested the PFP technology's ability to detect Stuxnet on a Siemens SIMATIC S7-1200 PLC. Joe Cordaro, advisory engineer with SRNL, said the PFP system found Stuxnet on the PLC right away, while the infamous malware was still dormant and before it began to activate. "The dormant state is a lot tougher to find because there are no outward signs, and little or no impact on the processor," Cordaro stated. "We did some subsequent [malware] tests on other PLCs with the same results."

SRNL also plans to test the technology on protective relay devices, which form the backbone of the power grid. Those devices were thrust into the limelight during the 2013 Super Bowl in the New Orleans Superdome, when the power went out for several minutes during the third quarter of the game after a protective relay was tripped due to a programming error. "What that showed you was that someone could hack into the protective relays of the US power grid and cause brownouts and blackouts," Cordaro noted. "We're working with PFP on a contract ... to characterise baselining the protective relays" and running this in a test bed that ultimately will provide R&D information to U.S. utilities, he stated.

Cordaro said what makes PFP's continuous monitoring approach attractive to an ICS/SCADA network is that it's not tied to the IT or relay networks, and doesn't disrupt sensitive plant operations. These networks are notoriously sensitive to any invasive or disruptive security tools or software updates, which often results in plants not bothering with security tools at all.

PFP executives said their technology runs in an air-gapped mode, monitoring any fluctuations in electromagnetic frequencies and power usage. Sensors, or probes, sit on devices and systems on the plant floor, and they feed power information to PFP's so-called eMonitor appliance that monitors multiple PLCs.

"We give ... very early detection, within milliseconds, that something is going on," said Thurston Brooks, VP of product marketing for PFP. That could mean a hardware or software failure, or malware, he added. Malware draws power when it checks the system time, for instance.
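The baseline-and-alert idea described above, as an added sketch that is not PFP's algorithm and not code from the article: it learns a per-sample power template from known-good PLC scan cycles and flags cycles that deviate from it. The trace shape, noise level, cycle length, size of the extra routine and threshold rule are all constructed assumptions.

```python
import random
import statistics

CYCLE = 40    # samples per PLC scan cycle (constructed value)
NOISE = 0.02  # measurement noise, arbitrary units (constructed value)

def scan_cycle(rng, extra_routine=False):
    """One constructed power trace for a single scan cycle."""
    trace = []
    for i in range(CYCLE):
        level = 1.5 if 10 <= i < 25 else 1.0   # logic execution vs. idle
        if extra_routine and 30 <= i < 33:     # brief added work, e.g. a time check
            level += 0.2
        trace.append(level + rng.gauss(0, NOISE))
    return trace

def learn_baseline(cycles):
    """Per-sample mean and standard deviation over known-good cycles."""
    cols = list(zip(*cycles))
    return [statistics.fmean(c) for c in cols], [statistics.stdev(c) for c in cols]

def score(trace, baseline):
    """Mean squared z-score of one cycle against the baseline template."""
    mean, std = baseline
    return statistics.fmean(((x - m) / s) ** 2 for x, m, s in zip(trace, mean, std))

def calibrate(cycles, baseline, margin=1.5):
    """Alert threshold: worst score on held-out clean cycles, times a margin."""
    return margin * max(score(c, baseline) for c in cycles)

def demo(seed=7):
    rng = random.Random(seed)
    baseline = learn_baseline([scan_cycle(rng) for _ in range(200)])
    threshold = calibrate([scan_cycle(rng) for _ in range(200)], baseline)
    clean = [scan_cycle(rng) for _ in range(100)]
    tampered = [scan_cycle(rng, extra_routine=True) for _ in range(100)]
    false_alarms = sum(score(c, baseline) > threshold for c in clean)
    detections = sum(score(c, baseline) > threshold for c in tampered)
    # Shift in average power caused by the extra routine (small next to ~1.19 mean).
    avg = lambda cycles: statistics.fmean(statistics.fmean(c) for c in cycles)
    return false_alarms, detections, avg(tampered) - avg(clean)

if __name__ == "__main__":
    print(demo())
```

The extra routine moves average power by only about 1%, yet the per-sample comparison flags the affected cycles because the deviation is concentrated in a few samples of the cycle.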
