Defending America’s Critical Infrastructure
Continuous real-time cybersecurity protection for OT systems
- Robust early warning system for the broader critical infrastructure community
- Essential for cybersecurity and operating engineers to protect both OT and IT systems against unknown, emerging threats
- Combined OT/IT deep packet inspection goes beyond anomaly detection to provide cyber-physical threat intelligence for informed, swift action
- Elevates cyber awareness for coordinated response for internal and external stakeholders via secure information-sharing techniques
- Lower total cost of ownership compared to similar technologies
The industry’s most secure protection layer.
In 2014, the U.S. Department of Energy (DOE) and the National Rural Electric Cooperative Association (NRECA) recognized the pressing need for a complete cybersecurity solution for the vulnerabilities of our nearly 900 electric cooperatives.
Since then, Essence has been built from the ground up, by a world-class development team on behalf of NRECA and its co-ops.
The Cyber Advantage
Properly monitoring power grids requires a full understanding of allowable payload structure and content in order to identify malicious or anomalous
behaviors. Essence leverages multi-domain situational awareness based on years of dedicated research to flag in real-time any deviations from normal
grid and network communications behavior.
The Essence platform has detected a diverse set of vulnerabilities both at the grid and communications levels, and has worked directly
with utilities, their vendors and their grid equipment OEMs to patch cyber vulnerabilities present across their OT asset networks.
The Operational Advantage
When communications are streamed from an endpoint to a SCADA head-end, the SCADA makes operational decisions and sends out subsequent commands to OT components.
However, networks can drop out or be misconfigured and the SCADA may fail to make proper decisions.
Essence automatically alerts technical staff when any of a resulting host of issues occurs – for example, when communications deviate from regular frequency or when cellular data appears over-propagated. In one case, within just minutes of deployment, Essence found a “stuck” RTU in a misconfigured grid network which had been costing the utility thousands of dollars per month in cellular data bills, and worked directly with the technical staff to rectify the issue immediately.
Case Study
The Defense Advanced Research Projects Agency (DARPA) planned an end-to-end integration project on a live test grid on Plum Island, NY to develop and test tools that enable the restoration of critical infrastructure devastated through natural disasters and targeted cyberattacks.
GridState, a core component of the Essence platform, was selected by DARPA among exclusive participants for testing and evaluation. GridState captures utility network traffic and detects anomalies through advanced processing techniques, providing real-time situational awareness on the power grid.
GridState proved itself uniquely successful among competitors in identifying and characterizing DARPA’s simulated cyber threats. This gave NRECA additional confidence that Essence was not only commercially viable but a critical need across the electric system, paving the way for Essence’s deployment at the more than 100 utilities it protects today.
THE FULL ESSENCE STACK
C4
Dynamic asset discovery with enhanced flow capture
Essence C4 (Cybersecurity, Collection, Communication, Collaboration) provides dynamic discovery of SCADA/OT network assets as a self-documentation and validation tool with awareness of configuration protocols, ports, packet metrics, and cadence.
If a new device joins the network, C4 provides immediate awareness.
When the communication behavior model of a network node changes, C4 captures and dynamically displays the new patterns.
GridState
Real-time grid, OT, and IT situational awareness
Essence’s GridState module passively observes SCADA/OT/IT traffic for ground truth and grid situational awareness.
GridState enables system operators to set custom alarms for critical loads and OT and IT components, which complement Essence’s Rules Engine.
GridState can operate in virtualized machines or within Essence’s proprietary hardware stack.
Analytics
Grid and cyber anomaly detection
Essence Analytics uses a combination of rules and advanced algorithms to capture when OT network behavior deviates from acceptable conditions.
Violations are captured and escalated within milliseconds, while interactive dashboards enable deeper forensics on discovered threat indicators.
Through a series of advanced flexible APIs, Essence Analytics can provide awareness and interoperability to a wider compatible software ecosystem.
IRMS
Incident Response Management System with local control of information dissemination and distribution
The Incident Response Management System (IRMS) enable users to control incident information sharing and flow.
Customers retain complete data ownership while reporting only critical data needed for situational awareness, trusted federation, shared investigation and cooperative response.
TAG
Trusted Advisory Group coordinates bidirectional information sharing
As part of an ecosystem and hierarchy of infrastructure for cyber protection, the Essence TAG enables trusted communities of Essence users to aggregate their information and monitoring to common authorities pooling resources for efficient and effective response to threat events.
The Essence TAG is designed with software APIs that can provide easy integration into external platforms that already exist such as a national level of threat information collection or sharing capability.
TIE
API-enabled Threat Information Exchange + escalation to external authorities & agencies
Essence Threat Information Exchanger (TIE) unlocks national collaboration and response with key stakeholders tasked with protecting threat landscape impacts.
TIE enables users to interactively participate in the protection of our nation’s power grids and other critical infrastructure in a protected secure environment.
The TIE also facilitates information-sharing and collaboration with analysts and other stakeholders external to the Essence user community.
IRRT
Incident Response Readiness Toolkit for issue diagnosis and rectification
The Essence Incident Response Readiness Toolkit (IRRT) contains all the tools you need to verify everything is working as it should, as well as prepare your team for fully understanding and using the Essence Solution Suite.
The Essence IRRT also contains packet and payload injector tools which passively show alerts that can travel through the stages of an incident report, serving as validation tests and as table-top exercises when testing cyber incident response plans and training staff on cyber monitoring and response.
THE EVOLUTION OF ESSENCE
RAPID DEPLOYMENT PROCESS
In the Media
In this episode of The Insider’s Guide to Energy podcast, NRECA's Shaun Chaney, technical account manager on the Essence team, discusses the difference between IT and OT cybersecurity while describing how the Essence platform can keep our critical infrastructure protected from digital adversaries.
Interested in a demo?
For pricing and more information, please contact essence@nreca.coop