December 2, 2019
Journal Article

Safer and optimized vulnerability scanning for operational technology through integrated and automated passive monitoring and active scanning

Abstract

Vulnerability scanning of embedded sensors and controllers has a history of causing disruption and malfunction within operational technology environments. Traditional information technology vulnerability scanning generally consists of bluntly exercising all, or a large population of, test conditions to understand how equipment responds. Often the number and variety of these tests are more than embedded systems can handle. This paper presents a methodology and framework for integrating passive monitoring and active scanning techniques to optimize the type and amount of active communication tests needed while still achieving acceptable levels of device and vulnerability discovery. Bayesian probability and Bayesian networks are leveraged for inference to drive the automation of scanning actions until confidence in discovery is achieved. Through inference, the active scans with the least risk and the highest impact on confidence can be selected, thereby eliminating unnecessary scans with uncertain effects. Results of experiments on real power system equipment, together with the resulting probabilities, are provided.
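To make the selection idea in the abstract concrete, the following is an added toy illustration and not the authors' framework or code: a belief over which device is on the wire is updated from passive observations by Bayes' rule, and each candidate active scan is scored by its expected reduction in uncertainty (entropy) minus a penalty for its disruption risk. Scans that do not pay for their risk are never sent. The device names, observation features, likelihood tables and risk values are constructed assumptions for the example.

```python
"""Toy Bayesian scan selection for an OT network (added example).

Passive evidence narrows a belief over device identities; active scans
are then chosen by expected information gain minus a risk penalty,
and scanning stops once the belief exceeds a confidence threshold.
Every name and number below is a constructed assumption, not data
from the paper.
"""
import math

# Hypotheses: which device answers on this address (assumed set).
DEVICES = ["plc_A_fw1", "plc_A_fw2", "rtu_B"]

# Passive model: P(feature observed | device), for features a sniffer
# sees without transmitting. Constructed numbers.
PASSIVE_LIKELIHOOD = {
    "proto_modbus": {"plc_A_fw1": 0.9, "plc_A_fw2": 0.9, "rtu_B": 0.2},
    "proto_dnp3":   {"plc_A_fw1": 0.1, "plc_A_fw2": 0.1, "rtu_B": 0.8},
    "ttl_64":       {"plc_A_fw1": 0.8, "plc_A_fw2": 0.3, "rtu_B": 0.5},
}

# Active model: each scan has a disruption risk in [0, 1] and a table of
# P(result | device) for each result it can produce. Constructed numbers.
ACTIVE_SCANS = {
    "modbus_device_id": {   # one well-formed Modbus function 43 query
        "risk": 0.05,
        "results": {
            "vendorA_v1": {"plc_A_fw1": 0.85, "plc_A_fw2": 0.10, "rtu_B": 0.02},
            "vendorA_v2": {"plc_A_fw1": 0.10, "plc_A_fw2": 0.85, "rtu_B": 0.02},
            "no_reply":   {"plc_A_fw1": 0.05, "plc_A_fw2": 0.05, "rtu_B": 0.96},
        },
    },
    "full_tcp_port_sweep": {   # assumed to wedge fragile embedded stacks
        "risk": 0.6,
        "results": {
            "ports_open_A": {"plc_A_fw1": 0.7, "plc_A_fw2": 0.7, "rtu_B": 0.1},
            "ports_open_B": {"plc_A_fw1": 0.3, "plc_A_fw2": 0.3, "rtu_B": 0.9},
        },
    },
}


def normalize(dist):
    total = sum(dist.values())
    return {k: v / total for k, v in dist.items()}


def update(belief, likelihood):
    """Bayes' rule: posterior is proportional to prior * P(evidence | device)."""
    return normalize({d: belief[d] * likelihood[d] for d in belief})


def entropy(belief):
    return -sum(p * math.log2(p) for p in belief.values() if p > 0)


def expected_entropy_after(belief, scan):
    """Posterior entropy averaged over the scan's possible results,
    each weighted by how likely it is under the current belief."""
    exp_h = 0.0
    for lik in scan["results"].values():
        p_result = sum(belief[d] * lik[d] for d in belief)
        if p_result > 0:
            exp_h += p_result * entropy(update(belief, lik))
    return exp_h


def score_scans(belief, scans, risk_weight=1.0):
    """Expected information gain minus a risk penalty, per scan."""
    h_now = entropy(belief)
    return {name: (h_now - expected_entropy_after(belief, s)) - risk_weight * s["risk"]
            for name, s in scans.items()}


def choose_scan(belief, scans, risk_weight=1.0):
    """Best-scoring scan, or None when no scan pays for its risk."""
    scores = score_scans(belief, scans, risk_weight)
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None


def passive_belief(passive_obs):
    """Uniform prior over DEVICES, updated with each passive observation."""
    belief = normalize({d: 1.0 for d in DEVICES})
    for obs in passive_obs:
        belief = update(belief, PASSIVE_LIKELIHOOD[obs])
    return belief


def run(passive_obs, true_device, confidence=0.9, risk_weight=1.0):
    """Select scans until confident; results are simulated as the most
    likely response of the (constructed) true device."""
    belief = passive_belief(passive_obs)
    scans, plan = dict(ACTIVE_SCANS), []
    while max(belief.values()) < confidence:
        name = choose_scan(belief, scans, risk_weight)
        if name is None:
            break
        scan = scans.pop(name)
        result = max(scan["results"], key=lambda r: scan["results"][r][true_device])
        belief = update(belief, scan["results"][result])
        plan.append(name)
    return belief, plan


if __name__ == "__main__":
    belief, plan = run(["proto_modbus", "ttl_64"], "plc_A_fw1")
    print("scans sent:", plan)
    print("final belief:", {d: round(p, 3) for d, p in belief.items()})
```

With the constructed numbers, passive evidence alone leaves the belief split between the two firmware versions of the same PLC; the single Modbus device-identification query resolves that for a small risk, while the port sweep scores negative because it separates the hypotheses poorly and carries a high risk, so it is never sent. The `risk_weight` knob is how an operator would trade confidence against the chance of disrupting a controller.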

Revised: January 28, 2020 | Published: December 2, 2019

Citation

Edgar T.W., S. Niddodi, T.R. Rice, W.J. Hofer, G.E. Seppala, K.M. Arthur-Durett, and M. Engels, et al. 2019. Safer and optimized vulnerability scanning for operational technology through integrated and automated passive monitoring and active scanning. Journal of Information Warfare 18, no. 4 (Special Edition):125-155. PNNL-SA-145717.