skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”)

Abstract

The project was conceived and executed with the overarching objective to provide cost effective tools to cooperative utilities that enabled them to quickly detect, characterize and take remediative action against cyber attacks.

Authors:
 [1];  [1]
  1. National Rural Electric Cooperative Association, Arlington, VA (United States)
Publication Date:
Research Org.:
National Rural Electric Cooperative Association, Arlington, VA (United States)
Sponsoring Org.:
USDOE
Contributing Org.:
Carnegie Mellon University; Pacific Northwest National Laboratory
OSTI Identifier:
1360111
DOE Contract Number:
OE0000684
Resource Type:
Technical Report
Country of Publication:
United States
Language:
English
Subject:
47 OTHER INSTRUMENTATION; 97 MATHEMATICS AND COMPUTING; Energy; Cyber; Security; Cybersecurity; Essence; Network; Monitoring; Detection

Citation Formats

Miller, Craig, and Larmouth, Robert. Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”). United States: N. p., 2017. Web. doi:10.2172/1360111.
Miller, Craig, & Larmouth, Robert. Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”). United States. doi:10.2172/1360111.
Miller, Craig, and Larmouth, Robert. Tue . "Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”)". United States. doi:10.2172/1360111. https://www.osti.gov/servlets/purl/1360111.
@article{osti_1360111,
title = {Energy Sector Security through a System for Intelligent, Learning Network Configuration Monitoring and Management (“Essence”)},
author = {Miller, Craig and Larmouth, Robert},
abstractNote = {The project was conceived and executed with the overarching objective to provide cost effective tools to cooperative utilities that enabled them to quickly detect, characterize and take remediative action against cyber attacks.},
doi = {10.2172/1360111},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Tue May 30 00:00:00 EDT 2017},
month = {Tue May 30 00:00:00 EDT 2017}
}

Technical Report:

Save / Share:
  • Describes a boiler metering and management system that achieves monitoring and automatic control through the use of a programmable logic controller coupled with a desktop computer for monitoring of boiler plant operation. The monitoring software includes trend analysis, allowing faster and more accurate diagnosis of alarms, upset conditions, and preventive maintenance scheduling to cure minor problems before they become major ones. The programmable controller uses fuzzy logic that anticipates steam load due to changes in the weather to maintain adequate capacity reserve on the boilers. The system was installed at a boiler plant in North Bay, Ontario, and performance resultsmore » and total costs of the system are presented. Calculations of environmental impacts and energy produced/consumed demonstrate the operational, utilities, and emissions related benefits of the system.« less
  • Use of a broadband Local Area Network (LAN) for transmission of classified and secure unclassified information requires monitoring capabilities which are sensitive to discrete segments of the network frequency spectrum. A viable monitoring system must be capable of detecting possible intrusion attempts or network malfunctions and alerting operating and security personnel. This report documents the results of an evaluation of the Magnavox CATV Systems Inc. Digital System Sentry software for network monitoring. Recommendations are made on its possible future role in broadband LAN security monitoring throughout the Nuclear Weapons Complex.
  • The purpose of this document is to establish the System Configuration Management Implementation Procedure (SCMIP) for the Cold Vacuum Drying Facility (CVDF) Monitoring and Control System (MCS). This procedure provides configuration management for the process control system. The process control system consists of equipment hardware and software that controls and monitors the instrumentation and equipment associated with the CVDF processes. Refer to SNF-3090, Cold Vacuum Drying Facility Monitoring and Control System Design Description, HNF-3553, Annex B, Safety Analysis Report for the Cold Vacuum Drying Facility, and AP-CM-6-037-00, SNF Project Process Automation Software and Equipment Configuration. This SCMIP identifies and definesmore » the system configuration items in the control system, provides configuration control throughout the system life cycle, provides configuration status accounting, physical protection and control, and verifies the completeness and correctness of these items.« less
  • Sandia networks consist of nearly nine hundred routers and switches and nearly one million lines of command code, and each line ideally contributes to the capabilities of the network to convey information from one location to another. Sandia's Cyber Infrastructure Development and Deployment organizations recognize that it is therefore essential to standardize network configurations and enforce conformance to industry best business practices and documented internal configuration standards to provide a network that is agile, adaptable, and highly available. This is especially important in times of constrained budgets as members of the workforce are called upon to improve efficiency, effectiveness, andmore » customer focus. Best business practices recommend using the standardized configurations in the enforcement process so that when root cause analysis results in recommended configuration changes, subsequent configuration auditing will improve compliance to the standard. Ultimately, this minimizes mean time to repair, maintains the network security posture, improves network availability, and enables efficient transition to new technologies. Network standardization brings improved network agility, which in turn enables enterprise agility, because the network touches all facets of corporate business. Improved network agility improves the business enterprise as a whole.« less
  • Policy-based network management (PBNM) uses policy-driven automation to manage complex enterprise and service provider networks. Such management is strongly supported by industry standards, state of the art technologies and vendor product offerings. We present a case for the use of PBNM and related technologies for end-to-end service delivery. We provide a definition of PBNM terms, a discussion of how such management should function and the current state of the industry. We include recommendations for continued work that would allow for PBNM to be put in place over the next five years in the unclassified environment.