Sensus has announced a partnership with EnerNex and Oak Ridge National Laboratory to conduct a demonstration of the Automated Vulnerability Detection system. The AVUD project, funded by the Office of Electricity Delivery and Energy Reliability, U.S. Department of Energy, is developing a system for cyber security vulnerability detection in smart grid components. The system, known as the Function Extraction or FX system, will apply the newly developed technology of software behavior computation. The project will initially focus on improving security in software that controls smart meters.
As part of the joint collaboration, Sensus is providing smart meter architecture, firmware and source code to be evaluated, with EnerNex contributing expertise in evaluating smart grid utility technologies. ORNL devised the Function Extraction (FX) technology evaluation platform to perform static analysis of the compiled software and device firmware. FX technology is a powerful analytical technique that will be used to:
- Compute the behavior of software in all circumstances of use to determine everything it does
- Detect inclusion of both unintended and maliciously inserted vulnerabilities in smart grid components
Cyber security for energy delivery systems has emerged as one of the nation’s most serious grid modernization and infrastructure protection issues. A team of ORNL and EnerNex cyber security experts is currently completing development of the AVUD system and will be demonstrating the technology with Sensus. High-Performance Computing (HPC) capabilities available at ORNL will be employed in the analysis. Success with this demonstration project could ultimately present opportunities to improve reliability and security for other smart grid components.
According to Sandy Bacik, principal consultant, AVUD co-principal investigator at EnerNex, once the AVUD project is complete, the FX technology could prove beneficial in the development life cycle for smart grid components in tandem with ongoing quality assurance testing.
“The software present in smart meters is the initial target for this effort,” Bacik said. “While testing can only provide information about the specific scenarios actually observed, static analysis with FX can provide information about system behavior under any circumstances of use, and provides a significantly more robust means of vulnerability detection.”
Rick Linger, Senior Cyber Security Researcher, AVUD co-principal investigator at ORNL, said, “It is our hope and anticipation that this gives us a more powerful analysis capability to detect any vulnerabilities that may be present in the code.”