Louisiana is home to many critical assets and companies that are crucial to our nation’s infrastructure. And LSU’s experts are working to conduct research and experiments to prevent and defend against cyber attacks.
According to the U.S. Department of Homeland Security, there are 16 critical infrastructure sectorsconsidered “so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” Those sectors include energy, chemical, nuclear reactors, materials and waste, as well as communications, transportation and emergency services.
“Digital disasters are actually very similar and probably more impactful than a natural disaster,” said Jeff Moulton, executive director of the Stephenson National Center for Security Research & Training or SNCSRT. SNCSRT is home to LSU’s applied research division, as well as its own applied research corporation, Stephenson Technologies Corporation or STC. Together they work with the defense and intelligence communities.
Since 2015, SNCSRThas received more than $100 million in award money. Members of SNCSRT include Stephenson Disaster Management Institute, Carrol L. Herring Fire & Emergency Training Institute, or FETI, Law Enforcement Online, or LEO, National Center for Biomedical Research & Training, or NCBRT, National Center for Disaster Fraud, or NCDF, and the LSU Transformational Technology and Cyber Research Center, or TTCRC.
FETI, STC, TTCRC and their on-campus cyber partner, Huntsville, Ala.-based Radiance Technologies, recently demonstrated a cyber attack on a full-scale industrial system.
“We’re going to launch an attack that makes the heat pump overheat. We’re going to tell that heat pump through digital instructions, to turn the nozzle up as far as it can go, until it completely melts down,” Moulton said. “We’re taking advantage of those flaws in the circuitry, attacking the circuitry, making it look like one thing or that it’s doing one thing but the gages that humans are actually looking at, are telling them something completely different.”
While the 16 types of infrastructure are different, Moulton said they do have one piece in common.
“That is a supervisory controlling data acquisition system, that’s the subcomponent in an industrial control system. The circuitry in those boards is what hackers are targeting. That’s what we’re actually hacking.”
The exercise shows the devastating and real effect a cyber attack could have on our nation’s critical infrastructure, and LSU is working to prevent it from happening.
“What we do is teach students, engineers, the people who are going to work on these systems what to look for, how to know that something is wrong, what are the anomalies, how do we understand what is really, truly happening and how can we prevent someone from tampering with those industrial control systems to start with,” Moulton said. “What are those cyber hygienic things you can take to prevent these things from ever happening to start with?”