OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: Autonomous Tools for Attack Surface Reduction (Final Report)

Technical Report · DOI: https://doi.org/10.2172/1985603 · OSTI ID: 1985603
[1];  [2];  [3];  [4];  [5];  [6];  [6];  [3];  [4];  [7];  [5];  [8]
  1. Iowa State Univ., Ames, IA (United States)
  2. Washington State Univ., Pullman, WA (United States)
  3. GE Global Research, Niskayuna, New York (United States)
  4. Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
  5. Argonne National Laboratory (ANL), Argonne, IL (United States)
  6. Illinois State University (ISU), Normal, IL (United States)
  7. Cedar Falls Utilities (CFU), Cedar Falls, IA (United States)
  8. Cedar Falls Utilities (CFU), Cedar Falls, IA (United States)

The electric power grid is a complex critical infrastructure that forms the lifeline of modern society, and its secure and reliable operation is of paramount importance to national security and economic wellbeing. However, recent findings documented in authoritative sources indicate that the threat of cyber-based attacks is growing in number and sophistication. Securing the grid against stealthy cyberattacks is a challenging task due to the legacy nature of the infrastructure, coupled with the dynamic nature of the threat landscape and the ever-growing sophistication of adversaries. Additionally, the grid's attack surface continues to grow with the increased dependence on digital communications and control that now extends to each consumer through smart meters and distributed energy resources. Unfortunately, this expansive surface increases the grid's vulnerability and further exposes critical control systems in both substations and control centers.

To respond to this emerging need, we successfully assembled an interdisciplinary team with an academic-industry partnership to conduct research, development, evaluation, demonstration, and commercialization of attack surface reduction tools, whose goal was to significantly reduce the cyber attack surface in the North American power grid. Our proposed project was a collaborative effort leveraging the synergistic expertise of the team members across power systems, cyber security and CPS security, testbeds, field deployments and demonstration, and successful commercialization. The following are the specific tasks that have been successfully completed in two phases (2016-2020).

Phase I:

Task 1: Developed and implemented a robust Project Management and Data Management Plan, coupled with a well-thought-out Risk Mitigation Plan.

Task 2.1: Developed a comprehensive framework that continually assesses and autonomously reduces the attack surface for the power grid control environment, spanning substations, the control center, and the SCADA network, to significantly reduce the risks of cyber attacks.

Task 2.2: Developed attack surface analysis techniques, metrics, and tools that assess the attack surface at multiple levels, including the control center, substations, and the SCADA network.

Task 2.3: Developed attack surface reduction techniques and tools that dynamically reduce the attack surface and hence increase the attacker's cost without interfering with the critical functions of the system.

Task 2.4: Prototyped, implemented, and quantitatively evaluated/validated the techniques and tools on a realistic industrial CPS security testbed environment by leveraging the unique resources of the team.

Task 3: Developed a commercialization plan to transition the developed tools to power system industry stakeholders for broader adoption by leveraging the expertise of our industrial members.

Phase II:

Task 4: Successfully completed field demonstration, verification, and evaluation of the effectiveness of the attack surface analysis and reduction techniques on a realistic utility testbed environment. This also involved the development of realistic scenarios, sound metrics, data sets, evaluation criteria, and documentation.

Technology integration & field demonstration: The project significantly advanced the state of the art in research and practice for improving the cybersecurity of our nation's power grid infrastructure against cyber threats. In particular, the proposed, designed, and deployed attack surface analysis and reduction algorithms and tools have contributed to significantly reducing the exposure and risk of the devices, substations, and the integrated SCADA/EMS/DMS grid environment to cyber threats. Strong demonstration and evaluation techniques have verified the feasibility of the developed techniques on realistic cyber-physical testbeds and a utility partner's real grid environment, and collaborative research and evaluation of attack surface reduction techniques (for wide-area monitoring and control) within a vendor (GE) EMS platform. The Attack Host Analyzer (AHA) tool that was developed through this project was made available through GitHub.

Research Organization:
Iowa State Univ., Ames, IA (United States)
Sponsoring Organization:
USDOE Office of Electricity (OE)
DOE Contract Number:
OE0000830
OSTI ID:
1985603
Report Number(s):
ISU-ECpE-CEDS-Final-Report-1
Country of Publication:
United States
Language:
English