Online tools have been developed by U.S. Pacific Northwest National Laboratory to help utilities identify and respond to cybersecurity vulnerabilities.

Utility operators can quickly identify control system devices connected to the internet and their known vulnerabilities with Mitigation of Externally Exposed Energy Delivery Systems (MEEDS). The software offers an easy-to-use cyber-risk management system to find exposed and vulnerable networks and devices before attackers do. The system is designed specifically for critical infrastructures and queries devices to identify risks, analyzing information from online cyber-vulnerability databases to quickly assign a limited potential relative risk severity to those exposed devices. A dashboard signals security alerts as MEEDS generates risk mitigation action recommendations, relative vulnerability risk grades and relative risk scores.

The second tool detects vulnerabilities in energy delivery systems that can arise inside a utility’s firewall. The Safe, Secure Autonomous Scanning Solutions for Energy Delivery Systems (SSASS-E) helps utilities manage cyber risk by tracking and reporting on devices on an internal network. Since the active scans commonly used to search information technology (IT) networks can cause faults in control devices, the software developers adapted an IT-like approach to safer, passive scanning using intelligent active and passive probes that won’t cause failures or down time in operational technology environments. Tests demonstrated the ability of the SSASS-E prototype to identify energy delivery-based devices and discover vulnerabilities without disrupting operation of devices.

MEEDS is an easy-to-use cybersecurity software application designed for utilities. Source: Todd Billow/U.S. Pacific Northwest National Laboratory