In our connected world, we are increasingly online.
Thanks to the Internet, we can order goods, watch videos, chat with friends, control our thermostats and even answer the doorbell — all from the convenience of our laptop or smartphone.
Unfortunately, the same technologies that make our lives easier also can be misused. Cyberattacks pose a serious and growing risk to personal privacy, the economy and national security. These risks exploit system complexity and human foibles: an improperly set switch or an ill-advised double-click can lead to catastrophic consequences for individuals and businesses alike.
The Department of Energy’s Pacific Northwest National Laboratory is working to combat these threats. We are not alone in these efforts, of course. I was on Capitol Hill last month for the release of a national cybersecurity agenda prepared by the U.S. Council on Competitiveness. It highlights several of the risks facing business and government, and makes a number of recommendations to counter them.
PNNL scientists and engineers are addressing many of the report’s priorities, including protecting critical infrastructure, advancing technology solutions and developing the future workforce.
With expertise in computer science and data analytics, and more than two decades of cybersecurity research and development experience, PNNL is helping to detect cyber risks, as well as prevent and recover from actual attacks.
Consider, for example, the nation’s critical infrastructure, which includes 16 sectors such as energy, healthcare, transportation and financial services.
According to a 2017 Pentagon report, “For at least the next decade, the offensive cyber capabilities of our most capable adversaries are likely to far exceed the United States’ ability to defend critical infrastructures.”
PNNL is helping to protect the electric grid through a partnership with utilities that account for nearly 80 percent of the nation’s bulk transmission. We do this by analyzing various data, including those shared voluntarily by system owners and operators participating in the program.
Any evidence of a threat is quickly shared with all participants, improving their ability to prepare and respond.
PNNL researchers also develop cybersecurity tools that can be used in myriad applications. For instance, we are addressing emerging risks associated with exponential growth in the number of connected devices. Millions of these devices — from temperature sensors and HVAC switches to smart routers and voice-assisted gadgets — have been installed on various networks, providing hackers with new entry points.
One PNNL-developed technology has already been installed on water-treatment facility networks in Oklahoma. This visual analytic tool, called Clique, improves analysts’ situational awareness by presenting an overview of network traffic, comparing it with “expected” behavior and highlighting any unusual activity. It allows analysts to examine individual machines, buildings or sites to determine the suspicious source.
Another PNNL tool, StreamWorks, analyzes the continuous streams of data that flow between computers, users and applications. The speed at which this patent-pending software can identify patterns of cyberattacks is orders of magnitude faster than current methods. It also helps analysts sift through thousands of alerts, highlighting specific threats and why they may require immediate attention.
Finally, PNNL is helping to train tomorrow’s cyber defenders.
We recently signed an agreement with the University of Texas at San Antonio, one of the nation’s top cyber schools, to do collaborative research and host students. We soon will welcome a dozen college teams as part of DOE’s annual CyberForce Competition, in which the teams protect critical infrastructure from simulated attacks.
These are just two ways we are encouraging students to pursue careers in cybersecurity. And the demand is certainly there, with an estimated 1.5 million open jobs in 2019.
Protecting our nation’s economy and critical infrastructure are formidable challenges, but at PNNL, we are developing innovative solutions, collaborating with industry and mentoring tomorrow’s workforce to help make the cyber world safer.