As a cybersecurity researcher in the National Renewable Energy Laboratory’s (NREL’s) Energy Security and Resilience (ESR) Center, Charisa Powell spends her time developing current strategies for energy-sector organizations to be vigilant and resilient in their cybersecurity safeguards. As a key writer and project planner for two prominent research endeavors, the Distributed Energy Resources Cybersecurity Framework (DERCF) and Cyber-Energy Emulation Platform (CEEP), Powell is helping ESR lead the way in developing cybersecurity tools for the DER community. We talked with Powell about her work at NREL.
How did you become interested in cybersecurity, and what circumstances led you to NREL?
Originally, I was a computer science student as an undergrad at Florida State University. Then I received a scholarship from CyberCorps, a service program that encourages students to get into cybersecurity in school. I got my master’s degree, then did an internship at Los Alamos National Laboratory, where I did research on cyber-physical security and had hands-on opportunities with other areas of cyber, which really interested me. Then I got the job at NREL in 2019. Before that, I was unaware there was a lab dedicated to renewable energy research, and I was so excited to learn NREL was an amazing opportunity to expand my research.
Tell us about your work on the DERCF. How does it benefit organizations that have distributed energy resources (DERs)?
The DERCF is both a written guide and an online tool that federal facilities and industry members with DERs can use to evaluate their cybersecurity posture and take steps to better protect their online energy systems from cyberattacks. DERs like solar photovoltaics and battery storage have significant connectivity to grid systems, which enlarges the potential attack surface for cyber adversaries. The DERCF provides organizations with resources to discover and understand their vulnerabilities as well as take steps to reduce them. It deals specifically with cyber governance, cyber-physical technical management, and physical security of DER devices. The DERCF is built on and goes beyond the U.S. Department of Energy’s Cybersecurity Capability Maturity Model and other federal frameworks. I’ve spent a lot of time researching these models and policies.
CEEP is becoming a popular research platform at NREL and with industry partners. What is CEEP, and what is your role in developing it?
CEEP is a 3D, “plug-and-play” playground that lets users incorporate hardware and virtual devices to create a testing environment and interact seamlessly with it over time. We can see what happens when we plug in a different piece of hardware with the rest of the system to visualize and test how the system changes. CEEP is useful for researchers for architecture validation or running other customized experiments—for example, to introduce data encryption to a system that doesn’t have it and see how it works. We can manipulate parts of a system through the 3D application, dragging and dropping pieces of hardware into the experiment. CEEP is designed to make a researcher’s job much easier; they don’t have to do all the time-consuming configuration.
I am the project manager for the three main elements of CEEP: the commissioning of the platform itself, overseeing its maintenance and operations for others to onboard easily at the ESIF, and developing a huge makeover for the 3D application to make CEEP even more flawlessly interactive and intuitive.
What do you like to do outside of NREL? What are your strategies for navigating the pandemic?
I picked up snowboarding last winter, and I also play the violin occasionally. During the pandemic, I have stayed inside and played a lot of video games. But I also need to get out each day, so I go running or biking and like to lift weights, and I still try to do all the outdoor Colorado things.
