DOE receives first installment of anti-cyberwarfare networking technology

A recent hack at a New York Marriott hotel serves as a wake-up call for hotel security teams.
Computer hacking has become a major concern for network providers.

Veracity Industrial Networks said it has delivered on the first phase of its contract with the Department of Energy to provide SDN-based network infrastructure designed to help the U.S. industry, including power utilities, defend against cyberattacks.

After several recent hacking events that many security analysts believe were instances of cyberwarfare, protecting utilities and other industries is certainly a timely issue.

The DOE awarded the contract in February to a team led by Veracity and also including Schweitzer Engineering Laboratories and Sempra Renewables. Veracity’s expertise is in networking systems based on software defined networking (SDN), specifically for industrial applications.

The contract activity is part of the DOE’s Chess Master project (PDF). Though Chess Master is a follow-on to a previous program called Watchdog, Chess Master is being pursued in part as a response to apparent cyberwarfare activities aimed at the Ukraine, which has been an ongoing target of cyberassailants for at least two years.

The value of the contract with Veracity was not announced, but the DOE has a $5 million budget for the Chess Master Project.

The Chess Master project was designed to research, develop, test and commercialize a security validation and policy enforcement application that connects into a flow controller that manages all field networks centrally.

The contract with the Veracity team at the time it was announced was described as “automating the identification of unwanted network behavior and outside intrusion, the containment of affected network areas and the rerouting of critical information. The ultimate goal is for energy critical delivery and control systems to remain safe and operational, especially in the event of a cyberattack.”

The team is responsible for delivering the following:

  • A security state policy enforcer application that runs on the northbound interface of a flow controller.
  • DIN rail mount software-defined networking (SDN) Ethernet switch.
  • An industrial control system extension to the open source SDN specification using the OpenFlow specification.
  • The ability to apply an action to encrypt/decrypt packets on a per-flow basis and automate key management.