Ambassador Project (Final Report)

Abstract

SEL, in collaboration with its partners, performed research, development and demonstration of a trust, data, and resource management software layer enabling multiple software applications from different suppliers to operate in a Software Defined Infrastructure. The Energy sector has successfully deployed Software Defined Networking (SDN) technology and is rapidly scaling deployments. One major benefit of SDN is the abstracted centralized nature of the orchestration and management of the network. This architecture enables end users to deploy new technology and capabilities as quickly as they perform firmware upgrades to field devices. When an end user needs to roll trucks to install new equipment, they simply deploy new software to run on top of this SD-Infrastructure. This has attracted many software companies to develop value added features and introduce new capabilities, which is all good for the industry but has also introduced new challenges, including how to manage trust between these software applications, how to manage the data integrity and access, and how to manage access to the network resources each of these software applications are demanding. Completion of this project developed and demonstrated a safe and reliable resource scheduler and cybersecurity trust management communication platform allowing multiple software applications to operate in a SD-Infrastructure resulting in the commercialization of a software eco-system and architecture that maintains interoperability, cybersecurity, and reliability where the end user can safely scale out their software to leverage the powerful benefits of SDN. The Ambassador project recognized the extreme cybersecurity and operational benefits Software Defined Networking (SDN) provides critical infrastructure control system networks in the Energy sector. The Ambassador project built on top of the successfully completed and commercialized products researched and developed under the previous DOE CEDS program projects, such as the Watchdog Project, and utilized the research findings under the DOE CEDS Chess Master Project. Based on the first-hand principle investigator engineering experience of these prior CEDS projects there was a need for a solution to be engineered to manage the trust, data, and resources that are passed between software applications that operate in the SD-Infrastructure eco-system. The participants in the Ambassador project developed a software architecture that manages the trust, data, and resource allocations safely and securely between software applications from multiple suppliers that all operate on the same SD-Infrastructure. This software architecture was demonstrated and tested in a controlled power system lab environment. The solution is focused on maintaining the security of the data, change management, and user attribution. Security requirements and priorities are driven by the system owner participants. The software developed also included the resource management required with event driven operations so different software applications don’t interfere with other software applications or contradict each other. At the end of the project, the partners commercially released a software architecture capable of managing the safe, secure and reliable operation of a multi-application software eco-system all operating on the same SD-Infrastructure. Each of the suppliers partnering on this project released software applications that operate in this eco-system. In total four new capabilities were developed and released that improve the cybersecurity for the Energy sector. Juniper’s application focused on circuit provisioning and telemetry monitoring. Dragos’ application focused on intrusion detection and incident response with the capability to integrate automated active defense. SEL solution focused on self-configuration of substation networks based on the IEC61850 substation configuration description file. An event bus software program that establishes trust and information exchange management between the applications and solutions.