Design Considerations for Distributed Energy Resource Honeypots and Canaries
- Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
There are now over 2.5 million Distributed Energy Resource (DER) installations connected to the U.S. power system. These installations represent a major portion of American electricity critical infrastructure and a cyberattack on these assets in aggregate would significantly affect grid operations. Virtualized Operational Technology (OT) equipment has been shown to provide practitioners with situational awareness and better understanding of adversary tactics, techniques, and procedures (TTPs). Deploying synthetic DER devices as honeypots and canaries would open new avenues of operational defense, threat intelligence gathering, and empower DER owners and operators with new cyber-defense mechanisms against the growing intensity and sophistication of cyberattacks on OT systems. Well-designed DER canary field deployments would deceive adversaries and provide early-warning notifications of adversary presence and malicious activities on OT networks. In this report, we present progress to design a high-fidelity DER honeypot/canary prototype in a late-start Laboratory Directed Research and Development (LDRD) project.
- Research Organization:
- Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Organization:
- USDOE National Nuclear Security Administration (NNSA); USDOE Laboratory Directed Research and Development (LDRD) Program
- DOE Contract Number:
- NA0003525
- OSTI ID:
- 1821540
- Report Number(s):
- SAND2021-11609; 699602
- Country of Publication:
- United States
- Language:
- English
Similar Records
Identifying Adversarial Cyber-Activity in Operational Technology Environments Using Bayesian Networks
HP in Cybersecurity: CyOTE