Vulnerabilities provide adversaries easy entry into critical computing and infrastructure systems. PNNL is addressing this challenge by working with system owners and operators to identify risks and possible weaknesses and to mitigate and respond to cyber threats more efficiently and effectively.
PNNL performs thorough assessments for network information technologies, industrial control systems, cyber-physical systems, software, hardware, and standard policies and operating procedures. Sponsors depend on our expertise to provide a rigorous and repeatable process for assessing the resilience, reliability, and security of cyber systems and operational mechanisms.
Led by a diverse team of cybersecurity professionals, PNNL invests considerable resources to develop and implement quantitative measures of security, compromise, and attack characterization. Our approaches enable assessment and cost-benefit analyses customized for the situation, such as assessing the risk of implementing collaboration software or testing the security level of programmable logic controllers for industrial control systems. Following an assessment, sponsors receive a report detailing the findings. Then we can continue to work together to understand identified vulnerabilities, recommend mitigations, and test their effectiveness through follow-on testing.
PNNL brings to its systems expertise in teaching cybersecurity best practices through hands-on workshops and competitions. Activities such as “red team” vs. “blue team” exercises provide opportunities for cyber defenders to practice their skills against a safe adversary in a controlled environment, testing how they would perform against a real-life malicious adversary. Our research and advanced facilities allow sponsors to evaluate how cyber systems perform in the face of threats and malicious activity, providing insight into how best to respond to a cyberattack.
By understanding the unique challenges and threats faced by each domain, we give system owners the confidence to manage risks and balance operational objectives and business strategy against potential threats. PNNL equips decision makers and frontline cybersecurity professionals with the tools and research necessary to evaluate how new technologies will affect the balance of confidentiality, integrity, and availability of their systems.