How a Free Award-Winning Software Tool for Utilities and Manufacturers Improves Cyber Defense Using Machine Learning

An award-winning project expands the toolbox that helps utilities and manufacturers prevent cybersecurity attacks from affecting the U.S. electric grid. In 2019, The U.S. Department of Energy (DOE) Solar Energy Technologies Office (SETO), in collaboration with other DOE program offices, invested $4.5 million for the development of this first-of-its-kind software tool. The software identifies cybersecurity vulnerabilities in the firmware of devices like solar inverters or controllers and improves the defense of these devices and the electric system.

The Annotated Translated Disassembled Code (@DisCo) software, which can be downloaded online at no cost, allows utilities and equipment manufacturers to automatically detect changes in firmware and find unwanted threats. The @DisCo software performs analysis to determine if the detected changes expose vulnerabilities that can be exploited by a cyber or ransomware attack. First, it uses a powerful, machine-learning capability that compares the different versions of the firmware, each with hundreds of thousands of lines of source code, to detect any inconsistencies; then, it organizes the information using a standardized language for threat structure as well as an intuitive graph-based visualization. Analyzing firmware manually can take months to years with potentially thousands of different types of inverters or controllers in one utility’s system. @DisCo analysis takes only hours to days to conduct vulnerability discovery through code analysis and mitigate the threats.

Once the utility and manufacturer are aware of a possible vulnerability, they can take preventive action to minimize impact to the power system or other critical infrastructures. Utilities and manufacturers can also use the software to easily share the vulnerability information securely with other partners.

SETO, in partnership with other DOE offices including the Office of Cybersecurity, Energy Security, and Emergency Response, funded the @DisCo project through the Grid Modernization Lab Call Fiscal Year 2019-2021. Idaho National Laboratory developed the software. Argonne National Laboratory, National Renewable Energy Laboratory, and Sandia National Laboratories tested it for different technologies and applications. In addition to the national labs, many project partners including universities, utilities, and equipment manufacturers contributed to its development and implementation.