Sandia Labs FY22 Laboratory Directed Research & Development Annual Report

LDRD IMPACT STORY

LDRD-DEVELOPED CRITICAL SYSTEM CYBERSECURITY TECHNOLOGIES HELP GOVERNMENT AGENCIES ENSURE THEY ARE BETTER PROTECTED.

Protecting systems, from a personal computer to the power grid, relies on developing and deploying robust cybersecurity technologies that can respond in the event of an attack. Since the early 2000s, Sandia’s LDRD program has invested in developing such technologies for national security applications, grid security, and homeland security; 10% of Sandia’s R&D 100 awards in the past ten years went to innovative cyber technologies stemming from LDRD. The investments also enhanced Sandia’s reputation as a trusted partner in helping government agencies improve their cyber protections. Three examples of LDRD-enabled cyber capabilities are described below.

WeaselBoard enables cyber-physical security for DOD assets.

The nation’s critical infrastructures (e.g., electrical power plants and oil refineries) use control systems that are vulnerable to targeted attacks that can injure people and cost millions in equipment damage and lost operations. The WeaselBoard, the result of a two-year LDRD project ending in 2013, is a small card that connects into the backplane of an industrial controller, referred to as a Programmable Logic Controller (PLC). It captures traffic between modules and alerts operators to unusual PLC behavior before damage occurs. In 2021, the team completed production readiness reviews for multiple hardware security devices destined for DOD assets. Through a collaborative effort with Kansas City National Security Campus, the team successfully transitioned this LDRD-funded work, enabling enhanced trust of cyber-physical security devices that will eventually be installed on DOD assets. Read more about how WeaselBoard works.

National Cyber Range leverages Emulytics expertise.

A portmanteau of emulation and analytics, Emulytics (28 LDRD projects over 15 years) focuses on the science of modeling, simulating, instrumenting, and analyzing variable-scale networks with dependencies on networked systems. Sandia’s Emulytics™ program is focused on understanding the behavior of complex, distributed cyber systems. Sandia has developed and deployed a suite of cyber emulation, modeling, and analysis tools that support predictive simulation, training, test and evaluation, resilient system design, and more. The tools and expertise developed at Sandia have helped improve the National Cyber Range, delivering prototypes that make cyber-range environments more realistic. A component of the Emulytics package, minimega, is now available for faculty and students of Purdue (part of Sandia’s University Partnerships Network) to advance cybersecurity research in discovering security threats in a variety of systems and developing new safeguards.

SECURE Grand Challenge facilitates risk metrics for Chemical Facility Anti-Terrorism Facilities.

The Science and Engineering of Cybersecurity by Uncertainty Quantification and Rigorous Experimentation (SECURE) Grand Challenge LDRD (2019-2021) developed a foundation for cyber modeling and experimentation that catalyzes the use of quantitative metrics and analytical evidence to inform high-consequence national security decisions. Tools developed from the Grand Challenge are being leveraged to develop aggregated risk metrics across the population of Chemical Facility Anti-Terrorism Standards (CFATS) regulated facilities (DHS), which will help assess the impact of the CFATS program. The Sandia Cyber Institute for Rigorous Experimentation (SCIRE) is an outgrowth of the SECURE Grand Challenge, aiming to transform how the national security community approaches cybersecurity. Read more about SCIRE here.
