Energy lab develops Sophia to help secure SCADA systems
- By Kathleen Hickey
- Sep 20, 2012
New cybersecurity software developed by an Energy Department lab specifically for utilities and other industrial systems could be available as early as next month.
The Idaho National Laboratory's Sophia software sentry, funded by the Energy Department's Office of Electricity Delivery & Energy Reliability (DOE-OE) and the Homeland Security Department, passively monitors networks to help operators detect intruders and other anomalies.
The need for such software emerged about seven years ago, Gordon Rueff, who led Sophia's development with INL colleagues Jared Verba, Kenneth Rohde and Corey Thuen, said in an INL announcement.
Security ‘chaos’ leaves utility grids vulnerable, report says
Hacks of municipal water, power services prompts DHS warning
"Until recently there wasn't much of a market for security tools or even situational awareness tools inside a control system because your control system was here, your Internet was over here, and they didn't talk. That's no longer the case. Now users have to think about cybersecurity."
Industrial systems such as power plants have concentrated on physical security because they were not connected to the Internet, but that has changed as operators have added computer networks.
Work on Sophia, named after the Greek goddess for wisdom, began three years ago. It is a tool to automate real-time monitoring on static Supervisory Control and Data Acquisition (SCADA) system networks – those with fairly fixed communications patterns. Anything out of the ordinary triggers an alert.
If the program detects suspicious activity, it alerts an operator or network administrator, who can then decide if the activity is threatening.
"Sophia doesn't try to make that distinction, it just says, 'Hey, there's a new device,' or 'You've got a new communication pathway; you need to figure out what it is,' " Rueff said. "It could be something as simple as someone installed a new unit that is supposed to be there."
The program is available over an Internet browser via an XML application programming interface. For proof-of-concept security tests, Sophia was limited to local host connections. INL has completed two rounds of testing, the second involving dozens of companies, and Sophia is slated for commercial availability in October, INL said.
"It really is the flagship," said David Kuipers, a program manager with the National SCADA Test Bed Program at INL. "It's the first technology of this group that will be transitioned to industry."
Misty Benjamin, an INL spokeswoman, noted in a an article in the Post Register of Idaho Falls that using Sophia drops the time spent monitoring these systems to four hours, down from a week’s worth of man-hours.
About 30 companies participated in testing the software, including Idaho Falls Power and Austin Energy.
Concerns about the security of industrial systems such as water and power plants has been heightened in recent years by the discovery of the Stuxnet worm, reportedly part of a U.S.-led cyber warfare campaign that disrupted uranium processing in an Iran nuclear facility. It was called by security researchers the first weaponized malware because of its sophistication and precise target, and its discovery led to speculation about whether a similar tool could target systems in the United States.
A research team showed in July 2011 how a Stuxnet-like attack on programmable logic controllers used in prisons could wreak havoc, taking control of doors, gates, video surveillance systems and alarms. Other researchers have focused on vulnerabilities on the electrical grid, particularly as the United States moves toward an Internet-connected smart power grid.
The challenge to providing cybersecurity to the nation’s electrical grid was the subject of a July 17 hearing before the Senate Energy and Natural Resources Committee. The need to secure the private-sector infrastructure is critical to national security, but outside of government’s direct control. Improving the grid’s cybersecurity is also hampered by a cumbersome regulatory process and a lack of enforcement, government and industry witnesses told the panel.