SolarTechnology

Success Story—@DiSCo’s Rhythm Keeps Hackers Offbeat: How an Award-Winning Software Tool Improves Cyber Defense Using Machine Learning

Success Story Discos Rhythm Keeps Hackers Offbeat How An Award Winning Software Tool Improves Cyber Defense Using Machine Learning

Sign up for daily news updates from CleanTechnica on email. Or follow us on Google News!


An award-winning project expands the toolbox that helps utilities and manufacturers prevent cybersecurity attacks from affecting the U.S. electric grid. In 2019, The U.S. Department of Energy (DOE) Solar Energy Technologies Office (SETO), in collaboration with other DOE program offices, invested $4.5 million for the development of this first-of-its-kind software tool. The software identifies cybersecurity vulnerabilities in the firmware of devices like solar inverters or controllers and improves the defense of these devices and the electric system.

This visualization of @DisCo output shows Trisis Malware impacting the Safety Instrumented System. Idaho National Laboratory

The Annotated Translated Disassembled Code (@DisCo) software, which can be downloaded online at no cost, allows utilities and equipment manufacturers to automatically detect changes in firmware and find unwanted threats. The @DisCo software performs analysis to determine if the detected changes expose vulnerabilities that can be exploited by a cyber or ransomware attack. First, it uses a powerful, machine-learning capability that compares the different versions of the firmware, each with hundreds of thousands of lines of source code, to detect any inconsistencies; then, it organizes the information using a standardized language for threat structure as well as an intuitive graph-based visualization. Analyzing firmware manually can take months to years with potentially thousands of different types of inverters or controllers in one utility’s system. @DisCo analysis takes only hours to days to conduct vulnerability discovery through code analysis and mitigate the threats.

Once the utility and manufacturer are aware of a possible vulnerability, they can take preventive action to minimize impact to the power system or other critical infrastructures. Utilities and manufacturers can also use the software to easily share the vulnerability information securely with other partners.

SETO, in partnership with other DOE offices including the Office of Cybersecurity, Energy Security, and Emergency Response, funded the @DisCo project through the Grid Modernization Lab Call Fiscal Year 2019-2021. Idaho National Laboratory developed the software. Argonne National Laboratory, National Renewable Energy Laboratory, and Sandia National Laboratories tested it for different technologies and applications. In addition to the national labs, many project partners including universities, utilities, and equipment manufacturers contributed to its development and implementation.

“The @DisCo project marks the first time solar technologies and other distributed energy resources have access to a tool of this kind, providing context to binary components with visualizations of code,” said Rita Foster, Principal Investigator for the @DisCo project at Idaho National Laboratory. “The @DisCo software helps further protect the U.S. electric grid against bad actors and bolster grid security.”

The innovation and functionality of the software tool earned @DisCo a 2023 R&D World Award in the software and services category. The R&D 100 Awards is a renowned worldwide science and innovation competition with winners from all over the globe.

To date the software has been shared and used mainly with national laboratories, asset owners and operators and technology providers proving its usefulness among the industry. Looking forward, the @DisCo software tool has a high likelihood of being adopted by companies that use firmware in various devices by commercializing it into a new product or by integrating it into existing software tools.

Systems integration research at SETO supports technologies and solutions that enable solar grid integration while ensuring the reliability, resilience, and security of the electric power system. Learn more about solar cybersecurity and SETO’s systems integration research and development. For more information on this software please reach out to agradmin@inl.gov.

Courtesy of Solar Energy Technologies Office, U.S. Department of Energy.


Have a tip for CleanTechnica? Want to advertise? Want to suggest a guest for our CleanTech Talk podcast? Contact us here.


Latest CleanTechnica.TV Videos

Advertisement



 


CleanTechnica uses affiliate links. See our policy here.



source

Leave a Reply