Computer Security Research
Berkeley Lab Computing Sciences Research is an active participant in numerous projects across many areas of computer security. Its mission-driven emphasis has historically focused on security for research cyberinfrastructure, including high-performance computing and high-throughput networking environments, and security of cyber-physical systems, notably in the power grid. These projects include collaborations with numerous other academic, National Lab, and industry partners. R&D sponsors have included the Department of Energy (DOE) ASCR and CEDS R&D programs, the National Nuclear Security Administration (NNSA), the National Science Foundation (NSF) SaTC program and OAC office, and the National Security Agency, among others.
LBNL has had a leadership role in security in scientific computing environments for many years, including the development of the Zeek (Bro) Network Security Monitor, as well as leading several DOE-sponsored activities related to defining a cybersecurity research program within the DOE. More recently, LBNL led the coordination of the “Cyber R&D” Enterprise Cyber Capability (ECC) of the DOE-wide Integrated Joint Cybersecurity Coordination Center (iJC3) — a sponsored R&D program involving ten DOE National Laboratories as performers. LBNL is the lead institution of Trusted CI, the NSF Cybersecurity Center of Excellence.
Learn more at the LBNL Cybersecurity R&D Web Site.
A partial listing of current projects is as follows:
- Data Enclaves for Scientific Computing. This project will develop secure computation architectures to ensure the trustworthiness of scientific data while addressing the gaps left by existing solutions for scientific workflows, including the specific power, performance, and usability needs from the edge to the HPC center. It is led by Sean Peisert, Venkatesh Akella, and Jason Lowe-Power. See Data Enclaves for Scientific Computing website.
- Trusted CI — the National Science Foundation Cybersecurity Center of Excellence. The mission of Trusted CI is to improve the cybersecurity of NSF computational science and engineering projects, while allowing those projects to focus on their science endeavors. Sean Peisert is Director and PI of Trusted CI. See Trusted CI project website.
- Privacy-Preserving, Collective Cyberattack Defense of DERs. This project aims to develop, apply, and test a technique for enabling collective defense of distribution grids with significant penetration of distributed energy resources (DER) and responsive loads (particularly Electric Vehicles), by leveraging a privacy-preserving method of data sharing without exposing raw data that might contain personally identifiable information (PII) from individual consumers or buildings or that might otherwise be considered national security information that could be leveraged by adversaries to more effectively compromise and potentially destabilize portions of the electric grid. We envision creating a software platform to allow utilities to share relevant cybersecurity information with one another in a manner that does not compromise the privacy of customers in their service territories. In doing so, we hope to reduce the reluctance of utilities to share information that can be used to harden other networks by reducing privacy-related liabilities associated with grid operational technology (OT) data. It is funded by DOE CESER's RMT program and is led by Sean Peisert. See CESER ShielDERs project website.
- Mitigation via Analytics for Inverter-Grid Cybersecurity (MAGIC). Project MAGIC will develop artificial intelligence and machine learning algorithms to detect and mitigate cyber attacks on aggregations of Distributed Energy Resources (DER). The developed algorithms will be demonstrated in hardware-in-the-loop testing and integrated into an open source simulation tool. It is funded by DOE CESER’s RMT program and is led by Daniel Arnold. See MAGIC project website.
- Using Fuzz Testing to Detect Software Tampering. It is essential to have the ability to verify that software operating on arms control monitoring equipment is within agreed parameters and has not undergone modification. Existing approaches to ensuring the absence of tampering are outdated and are easily defeated by a motivated adversary. Specifically, we use a coverage-guided, gray-box fuzzing approach to test the response of binaries to a wide range of inputs to increase confidence that the binary is behaving as expected. Our approach brings modern software analysis tools to bear to address today’s challenges. Success in our project would enable identification of a critical mass of alterations of a software’s logic that have the potential to affect the output of the nuclear monitoring software, and provide a different result to inspectors. This project is supported by the National Nuclear Security Administration Office of Defense Nuclear Nonproliferation Research and Development and is led by Sean Peisert. See nuclear fuzzing project web site.
- Data Enclaves for Secure Computing (DESC): Enabling Secure Nuclear Treaty Verification in Hostile Environments. This project will create a secure computational data enclave continuum to ensure end-to-end security of nuclear treaty verification or safeguards data from the sensor through to the analysis and detection. This project is supported by the National Nuclear Security Administration Office of Defense Nuclear Nonproliferation Research and Development and is led by Sean Peisert, Venkatesh Akella, David Archer, and Jason Lowe-Power.
- Privacy-Preserving Data Analysis for Scientific Discovery. This project aims to produce methods, processes, and architectures applicable to a variety of scientific computing domains that enable querying, machine learning, and analysis of data while protecting against releasing sensitive information beyond pre-defined bounds. It is supported by LBNL CSR funds and is led by Sean Peisert. See Privacy-Preserving Data Analysis project website.
Several recent projects include the following:
- Provable Anonymization of Grid Data for Cyberattack Detection. This project aims to develop techniques for enabling data analysis for the purposes of detecting and/or investigating cyberattacks against energy delivery systems while also preserving aspects of key confidentiality elements within the underlying raw data being analyzed. The result will be a complete solution for anonymization of data collected from OT and IT networks pertaining to energy grid cyberattack detection that has been tested for its ability to retain privacy properties and still enable attack detection. It is funded by DOE CESER's CEDS program and is led by Sean Peisert. See CEDS Privacy project website.
- Securing Automated, Adaptive Learning-Driven Cyber-Physical System Processes. This project is developing secure machine learning methods that will enable safer operation of automated, adaptive, learning-driven “cyber-physical system” processes. It is funded by an LBNL LDRD and is co-led by Sean Peisert and Daniel Arnold. See Secure Automated Control project website.
- Supervisory Parameter Adjustment for Distribution Energy Storage (SPADES). This project is developing the methodology and tools allowing Electric Storage Systems (ESS) to automatically reconfigure themselves to counteract cyberattacks, both directly against the ESS control systems and indirectly through the electric grid. It is funded by DOE CESER's CEDS program and is led by Daniel Arnold. See CEDS SPADES project website.
- Securing Solar for the Grid (S2G). This project aims to develop an understanding of security and performance requirements for the use of AI in high solar / IBR / DER penetration scenarios, and also to develop an understanding of power grid data confidentiality and privacy requirements. It is funded by DOE’s SETO office and is co-led by Sean Peisert and Daniel Arnold. See S2G project website.
- AOSCSWAP: Study of Academic, Open Source, and COTS Software Assurance Products. In this project, LBNL will help inform DHS S&T regarding the state of the art in software assurance tools and capabilities. It is funded by DHS S&T and is led by Sean Peisert. See AOSCSWAP project website.
- UC-Lab Center for Electricity Distribution Cybersecurity. This project will bring together a multi-disciplinary UC-Lab team of cybersecurity and electricity infrastructure experts to investigate, through both cyber and physical modeling and physics-aware cybersecurity analysis, the impact and significance of cyberattacks on electricity distribution infrastructure. It is funded by the UC-Lab Fees Research Program. The overall project is led by Hamed Mohsenian-Rad; the LBNL portion is led by Sean Peisert. See UC-Lab Center project website.
- Toward a Hardware/Software Co-Design Framework for Ensuring the Integrity of Exascale Scientific Data. This project takes a broad look at several aspects of security and scientific integrity issues in HPC systems. It is funded by DOE ASCR and is led by Sean Peisert. See Scientific Computing Integrity project website.
- Byzantine Security — Multi-layered Intrusion Tolerant Byzantine Architecture for Bulk Power System Protective Relays. This project aims to explore applications of a Byzantine Fault Tolerant (BFT) architecture in combination with ML/AI methods to ensure that the bulk power system, including protective relays in the transmission grid and associated substation and control center systems, can perform intrusion-tolerant operations. It is funded by the DOE Grid Modernization Initiative. The LBNL portion of this effort is led by Sean Peisert. See Byzantine Security project website.
- Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR). This project is performing R&D to enable distribution grids to adapt to resist a cyber-attack by (1) developing adaptive control algorithms for DER, voltage regulation, and protection systems; and (2) analyzing new attack scenarios and developing associated defensive strategies. It is funded by DOE's CEDS program and is co-led by Sean Peisert and Daniel Arnold. See CEDS CIGAR project website.
- Democratizing Health Research Through Privacy-Protecting Synthetic Data. This project aims to enable significantly broader use of health data by creating differentially private synthetic data sets. This project will also contribute to solutions addressing the coronavirus pandemic. It is supported by the UC Davis CeDAR. See Synthetic Data Privacy project website.
- Threat Detection and Response with Data Analytics. This project is developing technologies and methodologies to protect the grid from advanced cyber and all-hazard threats through the collection of disparate data and the employment of advanced analytics for threat detection and response. The project is funded by DOE OE's CEDS program as part of the DOE Grid Modernization Initiative. The project is led by LLNL, co-led by Sean Peisert at LBNL, and also includes partnerships with INL, ORNL, PNNL, and SNL. Utility partners include the Electric Power Board (EPB), National Rural Electric Cooperative Association (NRECA). See Threat Detection and Response with Data Analytics project website.
- Integrated Multi Scale Machine Learning. This project’s overarching goal is to create advanced, distributed data analytics capability within the DOE GM Consortium, to provide visibility and controllability to distribution grid and building operators. The project is funded by DOE EERE and DOE OE as part of the DOE Grid Modernization Initiative. The project is led by LLNL. Sean Peisert is the lead at LBNL. It also includes partnerships with LANL, NREL, ORNL, and SNL. Utility partners include Riverside Public Utilities and Florida Power and Light. Vendor partners include National Instruments, PingThings, and Power Standards Laboratory. See Integrated Multi Scale Machine Learning project website.
- An Automated, Disruption Tolerant Key Management System for the Power Grid. This project is designing and developing a key management system to meet the unique requirements of electrical distribution systems (EDSs). It is funded by DOE OE's CEDS program, is a partnership with PNNL, and is led at LBNL by Sean Peisert. See Power Grid Key Management project website.
- Network Measurement, Analysis and Visualization. NetSage is a network measurement, analysis and visualization service funded by the National Science Foundation and is designed to address the needs of today's international networks. This project is co-led by Sean Peisert at LBNL. See NetSage project website.
- Cyber Security of Power Distribution Systems by Detecting Differences Between Real-time Micro-Synchrophasor Measurements and Cyber-Reported SCADA. This project is using micro-PMU measurements and SCADA commands to develop a system to detect cyberattacks against the power distribution grid. It is funded by DOE OE's CEDS program and is led by Sean Peisert. See µPMU Cyber Security project website.
- Distributed Detection of DDoS Attacks on the WAN. This project is examining ways in which operators of wide-area networks (WANs) can better use their vantage points to detect DDoS attacks before they reach individual sites. It is particularly focused on large-scale science traffic as seen in ESnet and certain other national and regional "research and education" networks. This project is funded by DOE's iJC3 Cyber R&D program and is led by Sean Peisert at LBNL. See DDoS Detection project website.
- Inferring Computing Activity Using Physical Sensors. This project is using power data to identify computational operations, particularly in high-performance and cloud computing environments. This project is led by Sean Peisert at LBNL. See project website for inferring computing activity with power data.
- Application of Cyber Security Techniques in the Protection of Efficient Cyber-Physical Energy Generation Systems. This project was funded by DOE OE's CEDS program and was co-led by Chuck McParland and Sean Peisert. Specifically, we designed and developed a security monitoring and analysis framework for control systems. The goal was to integrate the monitoring and analysis of network traffic and serial communication with an understanding of physical device constraints within a single intrusion detection system (IDS) to enhance resilience of cyber physical systems. See CPS security project website.
- DALHIS – Data Analysis on Large-scale Heterogeneous Infrastructures for Science. The DALHIS associate team is a collaboration between the Myriads Inria project-team (Rennes, France), the Avalon Inria project-team (Lyon, France), and the LBNL Data Science and Technology (DST) department (Berkeley, USA). This portion of the DALHIS project focuses on cybersecurity to enable an integrated scientific data analysis ecosystem that accelerates the pace of scientific insight.
- A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing. In this project, CRD researchers developed mathematical and statistical techniques to analyze the access and use of high-performance computer systems. This project was funded by the U.S. Department of Energy's Applied Mathematics Section. LBNL, which was the lead institution for the project, also funded UC Davis and the International Computer Science Institute (ICSI) at UC Berkeley in this activity via subcontracts from LBNL. See Mathematical Approach to Intrusion Detection in HPC project website.
- Our work in computer forensics has sought to establish a rigorous, scientific model of forensic logging and analysis that is both efficient and effective at establishing the data that is necessary to record in order to understand past events. While forensics traditionally looks at available data and attempts to draw conclusions from it, we, in contrast, seek to understand the questions that we want to answer, and then derive what data is necessary to support answers to those questions. In the past, this work has been supported by the Institute for Information Infrastructure Protection (I3P). At LBNL, this project is led by Sean Peisert. See computer forensics research project website.
- Our work in the insider threat also takes a non-traditional approach. Whereas, security has traditionally been defined with respect to a perimeter, using static and binary access control decisions, we assert that such a perimeter no longer exists and that traditional access control techniques inhibit authorized users from performing their job. We define the "insider threat" as a combination of (a) access to a particular resource, (b) knowledge of a particular resource, and/or (c) trust of an individual by a particular organization. Moreover, the insider threat is clearly also not binary, but a spectrum of "insiderness" based on the aforementioned qualities. We seek to develop access control solutions that integrate this understanding in combination while also being informed by social science of how users may react most optimally to system access control and countermeasures. At LBNL, this project was led by Sean Peisert. See insider threat research project website.
- Symbiosis in Byzantine Fault Tolerance and Intrusion Detection. This project was funded by NSF's SaTC program, and was co-led by Sean Peisert. The theme of this effort was to integrate Byzantine fault-tolerance (BFT) into intrusion detection systems (IDS), at both the fundamental and system levels, thereby improving both BFT and IDS. See BFT+IDS project website.
- This seed project looked at defining means for understanding what data can be sanitized, and how. Traditional techniques often either make data unusable for research or operational purposes or fail to completely sanitize the data. Thus, our data sanitization work built on past techniques by also using an "open world" assumption. We also asked, what are the relationships between data fields that would need to be made in order to reveal certain information, what associations need to be protected in order to conceal certain information, and, finally, given policy constraints by the different stakeholders, can a dataset be sanitized in a way that satisfies the policies of all of those people, or would certain compromises to one or more policies need to be made? At LBNL, this project was led by Sean Peisert and was funded by the Institute for Information Infrastructure Protection (I3P). See data sanitization research project website.
- The Hive Mind: Applying a Distributed Security Sensor Network to GENI. This project was funded by NSF's CISE Directorate, and was led by Sean Peisert. The project sought to define and prototype a security layer using a method of intrusion detection based on mobile agents and swarm intelligence. The project's goal was to provide a lightweight, decentralized, intrusion detection method that is adaptable to changing threats while communicating suspicious activity across hierarchical layers to humans who can respond when needed. The goal was to augment, not replace, more traditional security mechanisms. See Hive Mind project website.
- Host and Network Resilience. LBNL's component of this project focused on mapping and analyzing the qualities of resilient networks by investigating components such as redundancy, diversity, and quality of service. The project's goal is to be able to quantify and compare the resilience of networks in a scientifically meaningful way. See Resilience project website.
- Secure and Private Acquisition, Storage, and Analysis of Medical Sensor Data. This project is developing a system-based workflow to securely acquire wireless data from mechanical ventilators in critical care environments, and leverage scalable web-based analytic platforms to advance data analytics and visualization of issues surrounding patients with respiratory failure. See Medical project website.
- NNSA Cyber Sciences Lab (CSL). Using seed funding from the NNSA CIO, this consortium of eight DOE laboratories worked to form an enduring, national computer security research laboratory to address cybersecurity threats. Research efforts that the laboratory would address ranged from very short-range, tactical issues that leverage current capabilities, to very long-range research with results and solutions that may not be deployable for over 20 years. LBNL's effort was led by Deb Agarwal and Sean Peisert. See NNSA Network Vision website.
About Berkeley Lab
Founded in 1931 on the belief that the biggest scientific challenges are best addressed by teams, Lawrence Berkeley National Laboratory and its scientists have been recognized with 16 Nobel Prizes. Today, Berkeley Lab researchers develop sustainable energy and environmental solutions, create useful new materials, advance the frontiers of computing, and probe the mysteries of life, matter, and the universe. Scientists from around the world rely on the Lab’s facilities for their own discovery science. Berkeley Lab is a multiprogram national laboratory, managed by the University of California for the U.S. Department of Energy’s Office of Science.
DOE’s Office of Science is the single largest supporter of basic research in the physical sciences in the United States, and is working to address some of the most pressing challenges of our time. For more information, please visit energy.gov/science.