Nav: Home

NREL's cybersecurity initiative aims to wall off the smart grid from hackers

January 05, 2016

A new initiative underway at Energy Department's National Renewable Energy Laboratory (NREL) is intended to prevent hackers from gaining control of parts of the nation's power grid, potentially damaging electrical equipment and causing localized power outages.

The White House and the Energy Department have called for our nation's power grid to transition to a 'smart grid,' which will be more responsive to changing power needs, more able to integrate renewable energy, more efficient, and more reliable. In fact, the American Recovery and Reinvestment Act of 2009 provided the Energy Department with $4.5 billion to modernize the electric power grid. One key to this transition is adding communication and control devices to distant corners of the power grid, so that utilities have greater situational awareness of their grid and can respond quickly to disturbances.

Photo of the Energy Systems Integration Facility.

The cybersecurity test bed incorporates technology in an attempt to make the system as secure as possible. In typical computer-based communications systems, data is broken up into small 'packets' that are exchanged between the communicating computers. The cybersecurity test bed at NREL's Energy Systems Integration Facility includes a system that hides a 'token' within the first packet of each communication session. Photo by Dennis Schroeder

NREL Launches into Cyber

The two-way communications technologies being added to the power grid work like an independent 'electricity-only Internet' (sometimes using a cordoned-off part of the actual Internet) with access restricted to utilities -- but just like the real Internet, these systems are subject to hacker attacks, and they need a strong cybersecurity system. That's why NREL established a strategic initiative for energy system cybersecurity and in March 2015 hired Erfan Ibrahim as director of the Cyber Physical Systems Security and Resilience Center, under NREL's Energy Systems Integration (ESI) directorate.

"If you look at utilities today, and independent power producers, you will see a tremendous appetite now for cybersecurity solutions that work," Ibrahim said. "Unfortunately, utilities currently have to rely on the sales pitches presented to them by the cybersecurity vendors. And this is where I believe that research labs, especially national research labs, have a unique role to play. The time for hype is over."

To tackle that challenge, Ibrahim's team launched an effort -- funded by NREL's Laboratory Directed Research and Development program -- to build the Test Bed for Secure Distributed Grid Management, a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility's power distribution system, the part of the power grid that carries power from substations to homes and businesses.

The test bed includes the hardware and software that utilities would use to control a distribution system, including a distribution management system, an enterprise data management system, and two substation management systems. In turn, the substation management systems can interact with real field equipment, such as electric storage systems and electric vehicle chargers, as well as computer-simulated devices, such as solar photovoltaic systems.

The test bed also incorporates much bleeding-edge technology for cybersecurity in an attempt to make the system as secure as possible. As just one example, in typical computer-based communications systems, like the Internet, data is broken up into small 'packets' that are exchanged between the communicating computers. The NREL cybersecurity test bed includes a system that hides a 'token' within the first packet of each communication session. If some hacker gets into the system and tries to establish his own communication session, his packet will be rejected because it lacks the hidden token.

Another approach 'cloaks' the network from unauthorized users, so that hackers can't even detect the computer server. You can't attack what you can't detect. Yet another approach maintains an 'airgap' -- an information exchange with no network connectivity. You can't use an online attack for a device that is not online.

Once Ibrahim and his team had the 'perfect system' set up to secure the test bed, they then took an approach reminiscent of children: they tried to break it. Specifically, they reached into their box of hacker tools and tried to break into the system. Approaching the system from three different angles, they found only one vulnerability, which was due to a misconfigured device. Through just that one error, the hacker was able to get into the system, gain administrator rights, and take control. Those are the types of insights that the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.

"In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn't work from a protection perspective," Ibrahim said. "Now we're going to share our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to protect critical infrastructure."

Ibrahim's research team intends to slowly expand its reach as the researchers learn more about the system. The intent is to continue bringing cybersecurity product vendors and system integrators into the Energy Systems Integration Facility, where the test bed is located, to refine and experiment with the test bed. Once the NREL team considers the test bed ready for 'prime time,' it will be opened to utilities and product developers for their use -- the team is currently targeting early 2016.

Photo of two men and a computer screen.

FireEye's Brandon Hjella works with Duane Petersen (then with Scitor Corporation) on the Test Bed for Secure Distributed Grid Management. Although the test bed was designed to handle power distribution grids, it can be applied easily to cybersecurity for other online energy devices, like electric vehicles, wind turbines, home energy networks, and more. Photo by Dennis Schroeder

Lessons Already Learned

Meanwhile, the test bed has already yielded insights for the NREL research team.

"One lesson was that protocols will not provide security in themselves; it's how you dress up the system that gives you the ultimate security," Ibrahim said.

To Ibrahim, creating a strategic architecture for cybersecurity is the best approach. The cybersecurity test bed relies mainly on devices that tap into the data streams, rather than being an in-line part of the communications. That makes it nearly impossible for a hacker to defeat those devices. The test bed also keeps the communications, control, and cybersecurity layers separate, to help isolate any unwanted intrusions. And visualization tools show any unusual, unexpected connections (say, to Siberia) or any strange behavior, like when the command arriving at a field device is not the same command that came from the control center.

"Utilities need a secure approach today, so what do we have that can do that?" Ibrahim asked. "This is an attempt at answering that question."

But part of the lesson learned is that cybersecurity is expensive, so NREL's most useful advice to utilities might specify which approaches are cost-effective, and which are too expensive.

"What utilities need is a tangible measure of the incremental risk encountered by not using one of our cybersecurity measures, and the cost to mitigate that risk," Ibrahim said.

Ibrahim also sees a potential industrial use of the test bed in verifying the cybersecurity of new grid-connected commercial products.

"Before you go deploying something out in the field, don't just take a point test in the lab and extrapolate to production; you need something in between," Ibrahim said. "And that's the test bed. With our power-hardware-in-the-loop testing in our test bed, we can scale up and run full-scale experiments -- some real, some simulated -- before a company goes into production with a new product."

"We have a role that few entities can play," Ibrahim said. "Vendors cannot play this role because they don't have the hundreds of millions of dollars of research infrastructure that we have, while commercial labs cannot do this because they look at their bottom line. Why NREL? Because this is where the distributed energy resources are integrated into the grid."

And although the test bed was designed to handle power distribution grids, Ibrahim says it can be applied easily to cybersecurity for other online energy devices, like electric vehicles, wind turbines, home energy networks, thermostats, and even demand response systems. As our energy world continues to expand with more Internet-connected devices, NREL's cybersecurity test bed will help to assure that those devices stay controlled by you, the user, and not some distant hacker.
-end-
To learn more about the Cyber Physical Systems Security and Resilience Center, contact Tami Reynolds at tami.reynolds@nrel.gov or (303)-275-3887.

DOE/National Renewable Energy Laboratory

Related Cybersecurity Articles:

$4.6 million award creates program to train cybersecurity professionals
A five-year, $4.63 million award from the National Science Foundation will enable a multi-disciplinary team of researchers at the University of Arkansas to create a program to recruit, educate and train the next generation of cybersecurity professionals.
First cyber agility framework to train officials developed to out-maneuver cyber attacks
To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the US Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.
Cyber of the fittest: Researchers develop first cyber agility framework to measure attacks
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks over time.
Army researchers identify new way to improve cybersecurity
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.
How susceptible are hospital employees to phishing attacks?
A multicenter study finds high click rate for simulated phishing emails, potential benefit in phishing awareness training.
A Georgia State cybersecurity study of the dark web exposes vulnerability to machine identities
A thriving marketplace for SSL and TLS certificates -- small data files used to facilitate confidential communication between organizations' servers and their clients' computers -- exists on a hidden part of the Internet, according to new research by Georgia State University's Evidence-Based Cybersecurity Research Group (EBCS) and the University of Surrey.
Army scientists revolutionize cybersecurity through quantum research
Army scientists have found a novel way to safeguard quantum information during transmission.
Dena Haritos Tsamitis secures $5 million NSF award for CyberCorps Scholarship for Service program
At a time when demand for cybersecurity expertise has never been higher, Carnegie Mellon University has just been awarded a $5 million renewal of its National Science Foundation CyberCorps Scholarship for Service program through 2023.
UTSA researchers create framework to stop cyber attacks on internet-connected cars
A new study by Maanak Gupta, doctoral candidate at The University of Texas at San Antonio, and Ravi Sandhu, Lutcher Brown Endowed Professor of computer science and founding executive director of the UTSA Institute for Cyber Security (ICS), examines the cybersecurity risks for new generations of smart which includes both autonomous and internet connected cars.
Cybersecurity teams that don't interact much perform best
Army scientists recently found that the best, high-performing cybersecurity teams have relatively few interactions with their team-members and team captain.
More Cybersecurity News and Cybersecurity Current Events

Best Science Podcasts 2019

We have hand picked the best science podcasts for 2019. Sit back and enjoy new science podcasts updated daily from your favorite science news services and scientists.
Now Playing: TED Radio Hour

Rethinking Anger
Anger is universal and complex: it can be quiet, festering, justified, vengeful, and destructive. This hour, TED speakers explore the many sides of anger, why we need it, and who's allowed to feel it. Guests include psychologists Ryan Martin and Russell Kolts, writer Soraya Chemaly, former talk radio host Lisa Fritsch, and business professor Dan Moshavi.
Now Playing: Science for the People

#538 Nobels and Astrophysics
This week we start with this year's physics Nobel Prize awarded to Jim Peebles, Michel Mayor, and Didier Queloz and finish with a discussion of the Nobel Prizes as a way to award and highlight important science. Are they still relevant? When science breakthroughs are built on the backs of hundreds -- and sometimes thousands -- of people's hard work, how do you pick just three to highlight? Join host Rachelle Saunders and astrophysicist, author, and science communicator Ethan Siegel for their chat about astrophysics and Nobel Prizes.