Publications

Pollock, Guylaine M.; McDonald, Michael J.; Halbgewachs, Ronald D.

This report describes the architectural design for a high fidelity simulation of a refinery and refinery burner, including demonstrations of impacts to the refinery if errors occur during the refinery process. The refinery burner model and simulation are a part of the capabilities within the Sandia National Laboratories Virtual Control System Environment (VCSE). Three components comprise the simulation: HMIs developed with commercial SCADA software, a PLC controller, and visualization software. All of these components run on different machines. This design, documented after the simulation development, incorporates aspects not traditionally seen in an architectural design, but that were utilized in this particular demonstration development. Key to the success of this model development and presented in this report are the concepts of the multiple aspects of model design and development that must be considered to capture the necessary model representation fidelity of the physical systems.

Chavez, Adrian R.; Halbgewachs, Ronald D.

Process Control System (PCS) and Industrial Control System (ICS) security is critical to our national security. But there are a number of technological, economic, and educational impediments to PCS owners implementing effective security on their systems. Sandia National Laboratories has performed the research and development of the OPSAID (Open PCS Security Architecture for Interoperable Design), a project sponsored by the US Department of Energy Office of Electricity Delivery and Energy Reliability (DOE/OE), to address this issue. OPSAID is an open-source architecture for PCS/ICS security that provides a design basis for vendors to build add-on security devices for legacy systems, while providing a path forward for the development of inherently-secure PCS elements in the future. Using standardized hardware, a proof-of-concept prototype system was also developed. This report describes the improvements and capabilities that have been added to OPSAID since an initial report was released. Testing and validation of this architecture has been conducted in another project, Lemnos Interoperable Security Project, sponsored by DOE/OE and managed by the National Energy Technology Laboratory (NETL).

Halbgewachs, Ronald D.

With the Lemnos framework, interoperability of control security equipment is straightforward. To obtain interoperability between proprietary security appliance units, one or both vendors must now write cumbersome 'translation code.' If one party changes something, the translation code 'breaks.' The Lemnos project is developing and testing a framework that uses widely available security functions and protocols like IPsec - to form a secure communications channel - and Syslog, to exchange security log messages. Using this model, security appliances from two or more different vendors can clearly and securely exchange information, helping to better protect the total system. Simplify regulatory compliance in a complicated security environment by leveraging the Lemnos framework. As an electric utility, are you struggling to implement the NERC CIP standards and other regulations? Are you weighing the misery of multiple management interfaces against committing to a ubiquitous single-vendor solution? When vendors build their security appliances to interoperate using the Lemnos framework, it becomes practical to match best-of-breed offerings from an assortment of vendors to your specific control systems needs. The Lemnos project is developing and testing a framework that uses widely available open-source security functions and protocols like IPsec and Syslog to create a secure communications channel between appliances in order to exchange security data.

Halbgewachs, Ronald D.

Abstract not provided.

Halbgewachs, Ronald D.

Abstract not provided.