The proposed team has developed a tool that addresses the security of organizations' networks to ensure that those systems are not only compliant with current regulations but also ahead of adversarial techniques. The fundamental innovation is to combine network firewall analysis with state-of-the-art network modeling techniques so that knowledge about the complete connectivity map of an organization's network can be extracted and queried in order to verify the implementation of a security policy. IT infrastructures are difficult to protect given the variety of applications and devices, the heterogeneity of communications, and the motivation and resources of adversaries.

The power industry has responded to this problem by mandating critical infrastructure protection regulations to be followed by all large electric utilities. Every year, several utilities receive penalties of up to $1,000,000 a day because of violations found in the security of their networks during audits. This proposal presents a commercialization project for the NP-View tool, a software application designed to support utilities and auditors in assessing whether networks are secure and in compliance with government NERC/CIP regulations. At the core of NP-View is a technology that uses device configurations to create a virtual network representation that accurately predicts how packets traverse networks and provides analysis of a given network security policy. The benefits for network compliance officers and auditors include higher confidence in their asset security, as well as reduced time and resources needed to analyze security posture and prioritize vulnerability mitigations. An initial version of the tool was tested with 30 beta users from electric utilities and consultant businesses through an evaluation program sponsored by the Department of Homeland Security (DHS). Feedback from beta users and from NERC auditors led the team to believe in a strong commercial opportunity for this project, first in the power industry, and second in the broader market of enterprise network owners.

Disruptions of power infrastructures quickly lead to chaotic situations in which human lives are put at risk. Power grid control centers are reliant on IT infrastructures. It is critical to ensure the resiliency of systems and networks through methodical IT security protection, monitoring, and response. Through development and dissemination of automated verification technologies, the proposed work will have an impact on the ability of network operators and security administrators to implement the correct set of rules to keep critical assets out of the reach of cyber adversaries. The ultimate benefit to the power industry and to society at large will be meaningful improvement of the security of an important resource.

Project Start:
Project End:
Budget Start: 2014-02-01
Budget End: 2016-07-31
Support Year:
Fiscal Year: 2014
Total Cost: $50,000
Indirect Cost:
Name: University of Illinois Urbana-Champaign
Department:
Type:
DUNS #:
City: Champaign
State: IL
Country: United States
Zip Code: 61820