When it comes to cybersecurity for the electric grid, researchers at NREL are looking ahead. New energy technologies are entering the market daily, and they are transforming the grid to one that is more dynamic, distributed, and autonomous.
While these advancements continue to create new opportunities for innovation—and a more modern energy infrastructure—they can also introduce new unknowns, potential vulnerabilities, and greater access to our electric grid by nefarious actors.
“We are seeing many, many more energy devices being added to the power grid, specifically at the grid edge, and it’s changing the way we generate, store, and use energy,” said Juan Torres, National Renewable Energy Laboratory (NREL) associate laboratory director for Energy Systems Integration. “All of this implies more communications to make the grid run. As that complexity increases, the attack surface will increase, and our reliance on digital technology will increase. That’s why cybersecurity needs to be at the forefront.”
Such changes are transforming the electric grid to become increasingly composed of distributed energy resources (DERs), which means there are more connection points between solar inverters, electric vehicles, home batteries, and other home energy devices.
With evolutions to both new grid technologies and more sophisticated hacking methods, NREL is preparing to better identify and respond to the types of threats that future energy systems may encounter.
All Hands on Deck: Expanding NREL’s Portfolio in Cybersecurity
Torres has been shaping the direction of NREL’s cybersecurity portfolio for over a decade. Though he joined NREL in 2017 from Sandia National Laboratories, he began collaborating with NREL back in 2008 on a project related to grid vulnerabilities and renewables. As co-lead on the project with NREL’s Power Systems Engineering Center Director Ben Kroposki, Torres pointed out that cybersecurity was needed to securely increase the penetration of solar energy.
“At that time, I knew that NREL was the number one lab in the renewable energy space, and if we were going to address everything there is to bear on securing the power grid, we were going to need all hands on deck,” Torres said.
NREL’s research in cybersecurity for energy systems began to take shape from there. And what began as a group of about five researchers—performing cyber assessments for utility companies and other power systems engineering projects—has grown to more than 25 employees, with a clear mission to improve the current understanding of potential cyber threats to the grid and develop technologies that enable more secure energy systems.
Juan Torres (left), associate laboratory director for Energy Systems Integration and John Barnett (right), center director of Energy Security and Resilience, are shaping new directions for cybersecurity research at NREL. As part of a lab-wide Energy Security and Resilience Initiative, leadership is bringing expertise from across the laboratory to leverage existing research in security and resilience and expand its efforts in protecting energy services.
The expansion of NREL’s cybersecurity research can largely be attributed to the launch of its Energy Security and Resilience (ESR) Center in October 2018, with the appointment of John Barnett as center director. With years working in national defense and security prior to coming to NREL, Barnett has been working to coordinate the laboratory’s efforts to leverage its existing research in both security and resilience—and grow its contributions to protecting energy services against disruption.
“NREL researchers have long contributed to energy security and resilience in work ranging from microgrids for campuses and Department of Defense installations, to helping communities recovering from natural disasters plan a more robust future energy system,” Barnett explained, pointing to a vision for continued collaboration and new areas of research. “Our energy security and resilience initiative brings expertise from across the laboratory to bear on emerging challenges to sustaining our nation’s energy services in the face of natural and human threats.”
Cybersecurity is not just part of a laboratory-wide initiative at NREL. It has become a top priority for the U.S. Department of Energy (DOE), as it is critical to the success of DOE’s mission to secure the nation’s energy supply and national security. With the recent appointment of Alexander Gates as director of the DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the United States’ cyber portfolio is now pivoting from research focused on hardening and protecting energy systems to automatically identifying and responding to threats, with cybersecurity built into modern energy systems. Gates joins the DOE from the National Security Agency.
“The creation of DOE’s CESER Office was an important development that recognized the Department’s role not only in advancing energy science and technology, but in protecting the supply of energy as a central element of our critical infrastructure,” Barnett added. “Other DOE Offices contribute to energy security and resilience, but CESER’s mission highlights the importance of cybersecurity and planning for prompt restoration of energy in an emergency.”
New Challenges, New Opportunities
Up until now, a common approach to addressing cybersecurity has been to patch vulnerabilities as they are identified, such as applying updates to an operating system to resolve a code error or weakness. That kind of Band-Aid approach, however, will not keep pace with an evolving electric grid—especially as hackers develop new attacks and there are “zero-day” vulnerabilities, or existing vulnerabilities that are unknown to vendors. Those concerns have led NREL to focus on solutions that are intrinsic to device- and system-level design for future energy systems.
“NREL is one of the labs leading the modernization of the grid, and with that brings much more interconnected distributed systems,” said Jon White, manager of NREL’s Secure Cyber-Energy Systems group. “That added complexity raises new security questions, but it also presents new security opportunities.”
White added that cyber threats to the grid are not dependent on whether the energy resources come from renewable systems versus more traditional bulk power plants. It is important to note, he said, that all energy systems are vulnerable to the potential of cyberattack from a malicious actor. What matters is the difference in how a centralized power plant is targeted compared to the way a distributed system could be targeted.
“From a defense perspective, we have a lot of data on a DER system that could help to potentially identify attackers, and because a DER system is so much more distributed, we also have many ways of responding,” White said. “On the other hand, because traditional bulk power plants are utility-owned, they have the advantage of very robust cyber- and physical security protocols.”
The advantage of an increasingly distributed grid is that there could be hundreds to thousands of devices running on a given network to meet the equivalent size of a centralized power plant—so instead of one target, an attacker would have to successfully impact a large number of grid-connected devices for equivalent impact.
Alternatively, one successful attack on a central system could turn off a significantly large amount of generation or transmission. But a lot of effort has been placed on hardening traditional power plants against attack.
Evaluating Future Cyber-Energy Systems, Virtually
One way NREL is evaluating the design of more distributed energy systems is through its recent deployment of the Cyber-Energy Emulation Platform (CEEP), a unique capability that allows researchers to create entire energy systems in a virtual world. The CEEP makes it possible to replicate a power grid digitally—both within the platform’s emulation environment and through advanced data visualization—which can be projected onto wall-sized screens for observation and analysis. Researchers can generate an unlimited number of unique energy system environments, while connecting to actual physical devices throughout NREL’s Energy Systems Integration Facility (ESIF) and Flatirons Campus.
“The platform enables research by pulling in all the labs, providing physical resources, virtual resources, and co-simulation at scale,” said Bruno Salvatico, cybersecurity research technician and project manager for the CEEP. “What makes this particular platform unique is the possibility to virtually tie in everything from the cyber perspective to the physical labs.”
That means researchers can connect hardware devices in the labs—such as solar inverters, electric vehicle (EV) chargers, and home energy management systems—to the emulated grid and create scenarios where a cyber or physical threat might impact the operation of such devices.
The high level of realism afforded by the CEEP is central to one of NREL’s newest capabilities, the Advanced Research on Integrated Energy Systems (ARIES) research platform, which includes the ESIF, Flatirons Campus, and a virtual emulation environment.
ARIES enables experimentation on a large variety of at-scale infrastructure, like wind power plants and hydrogen electrolyzers. The CEEP will be used to study the cyber connections between those research assets—their communications and data exchange—and will eventually be used to develop and study digital twins of such devices.
ARIES will also help to scale up other projects that are currently using the CEEP, including high-consequence threat evaluation for EV fast-charging, encryption for DER controls and communications, and the study of 5G communications for security.
“The IT environment is evolving to 5G and beyond, and the confluence of these two evolutions offers tremendous opportunities as well as challenges,” said Daniel Bennett, senior technical advisor to the ESR Center. “CEEP and the broader ARIES initiative and the lab resources it leverages can help us understand that future ecosystem and develop solutions to meet those challenges.”
By connecting vehicle chargers that are physically located in an ESIF lab to the CEEP, researchers can safely perform an analysis of real and emulated network traffic on fast EV chargers in both normal and cyber-attack scenarios. Similarly, by connecting the NREL-developed encryption device Module-OT, researchers can safely generate an attack scenario, evaluate Module-OT’s response, and demonstrate its mitigation effectiveness through the platform’s visualization capability. Research is now underway to leverage CEEP for evaluating the security benefits of 5G communications in managing DER systems.
“What really distinguishes this capability is the orchestration, or automation, that we built in,” said Josh Rivera, NREL researcher and a principal investigator of the project. Rivera explained that without automation, his team would have to write out original scripts for every scenario to configure the platform at a base level, then manually pull in different projects for evaluation. “So, if we want to stand this up somewhere else, we can replicate the baseline and apply to pretty much any use case.”
The CEEP is not only flexible in its application and use. It was designed to enable remote access, with the goal to accelerate progress and collaboration on research initiatives across the laboratory. This capability has become especially important as many NREL researchers—and collaborators—are now working from home in response to the COVID-19 pandemic. As CEEP Co-Developer and Cyber Research Engineer Adarsh Hasandka added, the team is continually working to fine-tune this capability, “to improve remote access and usability of the platform so that researchers can continue to work unimpeded.”
Other Projects: Sharpening NREL’s Cyber Tools
Since the launch of NREL’s Energy Security and Resilience Center two years ago, the laboratory’s research portfolio in grid security and resilience has grown rapidly. In addition to the CEEP, key projects that have mobilized NREL’s cybersecurity research portfolio include the Distributed Energy Resources Cybersecurity Framework (DERCF), establishing new cybersecurity industry standards for DERs, and more recently, leveraging data from cable television networks to help detect cyber anomalies on the electric grid.
For example, the DERCF is a game changer for assessing cybersecurity vulnerabilities on modern grid systems. With support from DOE’s Federal Energy Management Program (FEMP), the NREL-developed framework fills a critical gap that expands upon existing cybersecurity frameworks, for the comprehensive evaluation of the cybersecurity posture of federal sites with DER systems. Available as both a written guide and web-based tool, the DERCF helps users pinpoint cybersecurity vulnerabilities for renewable energy systems—based on unique facilities, personnel, and operational procedures—and develops customized action plans to improve an organization’s security controls and practices.
As energy systems shift from more centralized models to distributed, the DERCF will be key in staying ahead of cyber adversaries, ensuring that the renewable assets being introduced to the grid are protected.
System-Level Solutions for a Future Grid
Looking ahead, White hopes his team can dedicate even greater focus on how distributed energy devices affect the security and resilience of distribution systems at scale—military bases, transit hubs, neighborhoods, even cities.
“If you think about the future of multiple wind plants, possibly being controlled with multiple photovoltaic plants with a large-scale storage system, each one of those are systems. Put together, it’s a system of systems,” White said. “They all have different controls, different sensors, different data… and when you put them all together and consider the security, you’re talking about the security of multiple systems. How do we build security solutions that can deal with both the system and the ‘system-of-systems’ level?”
With ARIES, the multiple system scales that define modern energy security are experimentally accessible for the first time. The security implications of millions of devices, of distributed architectures, and of their resulting connections can now be evaluated under realistic scenarios, creating a new comprehensive approach to power system security. ARIES creates the highest-fidelity resource available for studying real-time response and situational awareness of cybersecurity, with an impact that will inform the coming era of energy system operations.
As new concepts emerge, such as artificial intelligence for energy systems management, Torres sees opportunity for NREL to continue working with the energy sector and exploring new ways to incorporate cybersecurity into the design cycle of such technologies. But, he adds, the work will never be finished.
“Security is a journey,” Torres said. “Threats will continue to evolve—adversaries as well as their capabilities. It will be critical to continue building more intelligence and more security within today’s evolving energy systems—and to always be looking ahead.”