Abstract: Technology related to blockchain cybersecurity solutions and a blockchain applicability framework is disclosed. In one example of the disclosed technology, a system is configured to store, in a database, a plurality of cryptographically-signed records of data transmitted between an asset and a utility historian, and store, in a distributed ledger, a respective hash value corresponding to each record of the database. The system can be further configured to verify a selected record by recomputing a hash value corresponding to the selected record and comparing the recomputed hash value to the respective hash value stored in the distributed ledger in correspondence with the selected record.

Abstract: Technology related to blockchain cybersecurity solutions and a blockchain applicability framework is disclosed. In one example of the disclosed technology, a system is configured to receive parameters for a blockchain candidate application and evaluate the parameters to determine a recommendation for types of blockchain to apply to the candidate application. The recommendation may be based on an evaluation of the parameters to determine a level of applicability of blockchain usage, a level of applicability of one or more blockchain privacy types, and a level of applicability of one or more blockchain consensus types. The system may be configured to calculate an overall percentage distribution of the levels of applicability and to output an indication of the overall percentage distribution.

Abstract: A cybersecurity distributed ledger is provided herein for managing, tracking, auditing, and securing assets in a power infrastructure. The cybersecurity distributed ledger may include a blockchain, and may combine with smart contract or smart negotiation technology, such as in a permissioned proof of authority blockchain. The cybersecurity distributed ledger may manage the complete life cycle of a grid asset, from asset requirement and specification, through production, testing, deployment, maintenance, and retirement. The cybersecurity distributed ledger may create an immutable record of the grid asset, which may be audited for regulatory compliance or build or development compliance. Further, the cybersecurity distributed ledger may store unique identifying information for a grid asset, which may be used to detect a security breach or other tampering with a grid asset. The cybersecurity distributed ledger may also track control or ownership of the grid asset, as well as changes or updates to the grid asset.

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: This document describes techniques, apparatuses, and systems for a blockchain-based transactive energy system. A blockchain-based transactive energy system receives a bid associated with a supply/demand curve of a utility from a transactive node through a smart contract. A universal identifier associated with the bid may be verified by consensus nodes of the blockchain-based transactive energy system to determine a verified set of bids. The universal identifier or other data associated with the bid may be stored in an immutable database provided by a blockchain. Based on the verified set of bids, a market-clearing price of the utility may be determined and used to satisfy the bid of the transactive node according to an actual production or consumption of the utility by the transactive node. The actual production or consumption of the utility may be stored in the immutable database for future audits or verification.

Abstract: Techniques and apparatuses are described for a cybersecurity risk management tool to assess cybersecurity risk and prioritize cybersecurity correction plans. The cybersecurity risk management tool categorizes cybersecurity framework security controls into maturity indicator levels, identifies implementation states achieved by an entity with respect to the cybersecurity framework security controls, and determines which of the maturity indicator levels represents the implementation state achieved by the entity with respect to each of the cybersecurity framework security controls. A cost-benefit analysis for modifying from the implementation state achieved by the entity to a next implementation state to be achieved by the entity with respect to the cybersecurity framework security controls is also enabled. The cost-benefit analysis leverages factored weights including aspects indicative of security perspectives, Gaussian distributions, and the maturity indicator levels.

Abstract: Technology related to evaluating cyber-risk for synchrophasor systems is disclosed. In one example of the disclosed technology, a method includes generating an event tree model of a timing-attack on a synchrophasor system architecture. The event tree model can be based on locations and types of timing-attacks, an attack likelihood, vulnerabilities and detectability along a scenario path, and consequences of the timing-attack. A cyber-risk score of the synchrophasor system architecture can be determined using the event tree model. The synchrophasor system architecture can be adapted in response to the cyber-risk score.

Abstract: Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.

Abstract: Method include receiving banner information from one or more queries of a network connecting a set of devices, wherein the banner information of one or more of the devices includes common vulnerability and exposure identifiers (CVEs) and the banner information of one or more of the devices does not include a CVE, identifying the devices based on the banner information including classifying devices without known CVEs by a device type, determining vulnerability scores for the devices with known CVEs based on retrieved CVE information, and determining vulnerability scores for the devices without CVEs based on a series of exploitability and impact parameter estimates associated with the device type classifications. Some methods include estimating a cyberattack vulnerability risk for the devices using the determined vulnerability scores.

Abstract: Methods can include accessing an organizational framework describing an organization, wherein the organizational framework comprises one or more relational matrices defining matrixed interdependencies between business functions, business processes, engineering applications, assets, responsible entities, and facilities of the organization, and using the relational matrices to compute a criticality of an asset, engineering application, or business process, and using a computed criticality to compute a value at risk or a value of a consequence to the organization.

Abstract: A cybersecurity distributed ledger is provided herein for managing, tracking, auditing, and securing assets in a power infrastructure. The cybersecurity distributed ledger may include a blockchain, and may combine with smart contract or smart negotiation technology, such as in a permissioned proof of authority blockchain. The cybersecurity distributed ledger may manage the complete life cycle of a grid asset, from asset requirement and specification, through production, testing, deployment, maintenance, and retirement. The cybersecurity distributed ledger may create an immutable record of the grid asset, which may be audited for regulatory compliance or build or development compliance. Further, the cybersecurity distributed ledger may store unique identifying information for a grid asset, which may be used to detect a security breach or other tampering with a grid asset. The cybersecurity distributed ledger may also track control or ownership of the grid asset, as well as changes or updates to the grid asset.

Abstract: Technology related to blockchain cybersecurity solutions and a blockchain applicability framework is disclosed. In one example of the disclosed technology, a system is configured to store, in a database, a plurality of cryptographically-signed records of data transmitted between an asset and a utility historian, and store, in a distributed ledger, a respective hash value corresponding to each record of the database. The system can be further configured to verify a selected record by recomputing a hash value corresponding to the selected record and comparing the recomputed hash value to the respective hash value stored in the distributed ledger in correspondence with the selected record.

Abstract: Technology related to blockchain cybersecurity solutions and a blockchain applicability framework is disclosed. In one example of the disclosed technology, a system is configured to receive parameters for a blockchain candidate application and evaluate the parameters to determine a recommendation for types of blockchain to apply to the candidate application. The recommendation may be based on an evaluation of the parameters to determine a level of applicability of blockchain usage, a level of applicability of one or more blockchain privacy types, and a level of applicability of one or more blockchain consensus types. The system may be configured to calculate an overall percentage distribution of the levels of applicability and to output an indication of the overall percentage distribution.

Abstract: Apparatus and methods are disclosed for producing configuration recommendations and implementing those recommendations in a computing environment. In some examples, a browser-based tool is provided that allows hardware and software developers to assess the maturity level of their design and development processes, allows management to determine desired maturity levels in seven domains, and allows developers to monitor process maturity improvements against management goals. The disclosed technologies can be used by commercial software developers as well as internal development organizations.

Abstract: Systems, methods, and computer media for mitigating cybersecurity vulnerabilities of systems are provided herein. A current cybersecurity maturity of a system can be determined based on maturity criteria. The maturity criteria can be ranked based on importance. Solution candidates for increasing the cybersecurity maturity of the system can be determined based on the ranking. The solution candidates specify cybersecurity levels for the maturity criteria. A present state value reflecting the current cybersecurity maturity of the system can be calculated. For the solution candidates, an implementation state value and a transition state value can be determined. The implementation state value represents implementation of the maturity levels of the solution candidate, and the transition state value represents a transition from the present state value to the implementation state value.

Abstract: Techniques and apparatuses are described for a cybersecurity risk management tool to assess cybersecurity risk and prioritize cybersecurity correction plans. The cybersecurity risk management tool categorizes cybersecurity framework security controls into maturity indicator levels, identifies implementation states achieved by an entity with respect to the cybersecurity framework security controls, and determines which of the maturity indicator levels represents the implementation state achieved by the entity with respect to each of the cybersecurity framework security controls. A cost-benefit analysis for modifying from the implementation state achieved by the entity to a next implementation state to be achieved by the entity with respect to the cybersecurity framework security controls is also enabled. The cost-benefit analysis leverages factored weights including aspects indicative of security perspectives, Gaussian distributions, and the maturity indicator levels.

Abstract: Technology related to evaluating cyber-risk for synchrophasor systems is disclosed. In one example of the disclosed technology, a method includes generating an event tree model of a timing-attack on a synchrophasor system architecture. The event tree model can be based on locations and types of timing-attacks, an attack likelihood, vulnerabilities and detectability along a scenario path, and consequences of the timing-attack. A cyber-risk score of the synchrophasor system architecture can be determined using the event tree model. The synchrophasor system architecture can be adapted in response to the cyber-risk score.

Abstract: Technology related to risk-informed autonomous adaptive cyber controllers is disclosed. In one example of the disclosed technology, a method includes generating probabilities of a cyber-attack occurring along an attack surface of a network. The probabilities can be generated using sensor and operational data of a network as inputs to an attack graph. The risk scores can be determined using a plurality of fault trees and the generated probabilities from the attack graph. The respective risk scores can correspond to respective nodes of an event tree. The event tree and the determined risk scores can be used to determine risk estimates for a plurality of configurations of the network. The risk estimates for the plurality of configurations of the network can be used to reconfigure the network to reduce a risk from the cyber-attack.