An award-winning project has expanded the toolbox that utilities and manufacturers can use to prevent cyberattacks from impacting the U.S. power grid. In 2019, the U.S. Department of Energy (DOE) Solar Energy Technologies Office (SETO), in collaboration with other DOE program offices, provided $4.5 million toward the development of a first-of-its-kind software tool. The software identifies cybersecurity vulnerabilities in the firmware of devices such as solar inverters or controllers and improves the defense of these devices and the electrical system.
The Annotated Translated Disassembled Code (@DisCo) software, which can be downloaded for free online, allows utilities and equipment manufacturers to automatically detect firmware changes and track down unwanted threats. The @DisCo software performs analysis to determine whether the detected changes expose vulnerabilities that could be exploited by a cyber or ransomware attack. First, it uses a powerful machine learning capability that compares the different versions of the firmware, each containing hundreds of thousands of lines of source code, to detect any inconsistencies. It then organizes the information using a standardized threat tree language and an intuitive graph-based visualization. Manually analyzing the firmware can take months to years, with potentially thousands of different types of inverters or controllers in one utility system. @DisCo analysis takes just hours to days to discover vulnerabilities through code analysis and mitigate the threats.
Once the utility and manufacturer are aware of a potential vulnerability, they can take preventative action to minimize the impact on the energy system or other critical infrastructure. Utilities and manufacturers can also use the software to easily and securely share vulnerability information with other partners.
SETO, in collaboration with other DOE offices including the Office of Cybersecurity, Energy Security and Emergency Response, funded the @DisCo project through the lab call for grid modernization for fiscal years 2019-2021. Idaho National Laboratory developed the software. Argonne National Laboratory, National Renewable Energy Laboratory and Sandia National Laboratories tested it for various technologies and applications. In addition to the national laboratories, many project partners, including universities, utilities and equipment manufacturers, contributed to its development and implementation.
“The @DisCo project marks the first time solar technologies and other distributed energy resources have access to such a tool, which provides context to binary components with visualizations of code,” said Rita Foster, principal investigator for the @DisCo project at Idaho National Laboratory. “The @DisCo software helps further protect the U.S. power grid from bad actors and increase grid security.”
The innovation and functionality of the software tool earned @DisCo a 2023 R&D World Prize in the software and services category. The R&D 100 Awards is a renowned global science and innovation competition with winners from all over the world.
News item from SETO