U.S. Department of Energy
Office of Scientific and Technical Information

Evaluating software defined networking solutions to reduce the digital attack surface of nuclear security systems

Conference · OSTI ID:1604752
Most nuclear security systems used today were not designed for today's threat environment. Systems that were intended to be stand-alone are now interconnected. Devices that have a single purpose are built on multi-purpose platforms and communication protocols that, while effective, have no ability to authenticate authorized versus unauthorized commands. These attributes give an attacker who compromises a single node significant ability to affect the system, pivot throughout the interconnected networks, and remain undetected. Software defined networking (SDN) has been used for years by information technology (IT) cloud service providers to quickly provision or remove servers or other systems to meet changing demand. The same concept has recently been applied to operational technology (OT) systems to enable very fast failover on critical systems that have stringent and deterministic (<5ms) transmit/receive times. By carefully engineering the communication flows through a network using preplanned routes and specific pathways, it is possible to achieve deterministic and extremely reliable message delivery even when components fail. This engineering approach to network design has added security benefits, including securing the networking control plane, eliminating network scanning and mapping, inhibiting ARP spoofing and host masquerading, eliminating unauthorized network pivoting, and enabling greater situational awareness on the network. SDN in OT environments is new, but early testing in electrical power and other critical infrastructure has shown it to be a very powerful tool for building reliable networks and reducing the digital attack surface of the network. The authors tested a software defined network switch on a simple physical protection system with components commonly found in nuclear security systems and found improved mitigations against denial of service attacks, lateral movement, and network reconnaissance. The paper details the tests and their results.
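The abstract's central mechanism is that an SDN switch forwards only along pre-engineered flows and drops everything else, which is what removes scanning, ARP spoofing and pivoting as options. The following added example (not code from the paper or from PNNL) models that deny-by-default flow table for a two-device physical protection segment; all device names, MAC/IP addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Packet:
    in_port: int            # physical switch port the frame arrived on
    src_mac: str
    src_ip: str
    dst_ip: str
    proto: str              # "tcp", "udp" or "arp"
    dst_port: Optional[int] = None
    src_port: Optional[int] = None

@dataclass(frozen=True)
class Flow:
    match: Dict[str, object]  # field name -> required value (all must match)
    out_port: int             # egress port for a matching packet

# Constructed identities for the example: an HMI on switch port 1 and a
# door-controller PLC on switch port 2. Nothing else is provisioned.
HMI_MAC, HMI_IP = "02:00:00:00:00:01", "10.0.0.10"
PLC_MAC, PLC_IP = "02:00:00:00:00:02", "10.0.0.20"

# Pre-planned flows. Each match pins the ingress port *and* the source MAC/IP,
# so a frame that claims the HMI's address from any other port never matches.
FLOWS: List[Flow] = [
    # HMI polls the PLC over Modbus/TCP (port 502) and nothing else.
    Flow({"in_port": 1, "src_mac": HMI_MAC, "src_ip": HMI_IP,
          "dst_ip": PLC_IP, "proto": "tcp", "dst_port": 502}, out_port=2),
    # PLC answers the poll from source port 502.
    Flow({"in_port": 2, "src_mac": PLC_MAC, "src_ip": PLC_IP,
          "dst_ip": HMI_IP, "proto": "tcp", "src_port": 502}, out_port=1),
    # ARP is allowed only between the two provisioned hosts on their own ports.
    Flow({"in_port": 1, "src_mac": HMI_MAC, "proto": "arp"}, out_port=2),
    Flow({"in_port": 2, "src_mac": PLC_MAC, "proto": "arp"}, out_port=1),
]

def forward(pkt: Packet, flows: List[Flow] = FLOWS) -> Optional[int]:
    """Return the egress port for pkt, or None when no engineered flow matches.

    None is the deny-by-default case: the switch drops the frame, so probes to
    unprovisioned ports get no reply, spoofed ARP from the wrong port is not
    propagated, and a compromised PLC cannot reach hosts outside its flows.
    """
    for flow in flows:
        if all(getattr(pkt, field) == value for field, value in flow.match.items()):
            return flow.out_port
    return None
```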
Research Organization:
Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)
Sponsoring Organization:
USDOE
DOE Contract Number:
AC05-76RL01830
OSTI ID:
1604752
Report Number(s):
PNNL-SA-149341
Country of Publication:
Austria
Language:
English