
NREL's cybersecurity initiative aims to wall off the smart grid from hackers

January 05, 2016

A new initiative underway at the Energy Department's National Renewable Energy Laboratory (NREL) is intended to prevent hackers from gaining control of parts of the nation's power grid, potentially damaging electrical equipment and causing localized power outages.

The White House and the Energy Department have called for our nation's power grid to transition to a 'smart grid,' which will be more responsive to changing power needs, more able to integrate renewable energy, more efficient, and more reliable. In fact, the American Recovery and Reinvestment Act of 2009 provided the Energy Department with $4.5 billion to modernize the electric power grid. One key to this transition is adding communication and control devices to distant corners of the power grid, so that utilities have greater situational awareness of their grid and can respond quickly to disturbances.

Photo of the Energy Systems Integration Facility.

The cybersecurity test bed incorporates technology in an attempt to make the system as secure as possible. In typical computer-based communications systems, data is broken up into small 'packets' that are exchanged between the communicating computers. The cybersecurity test bed at NREL's Energy Systems Integration Facility includes a system that hides a 'token' within the first packet of each communication session. Photo by Dennis Schroeder

NREL Launches into Cyber

The two-way communications technologies being added to the power grid work like an independent 'electricity-only Internet' (sometimes using a cordoned-off part of the actual Internet) with access restricted to utilities -- but just like the real Internet, these systems are subject to hacker attacks, and they need a strong cybersecurity system. That's why NREL established a strategic initiative for energy system cybersecurity and in March 2015 hired Erfan Ibrahim as director of the Cyber Physical Systems Security and Resilience Center, under NREL's Energy Systems Integration (ESI) directorate.

"If you look at utilities today, and independent power producers, you will see a tremendous appetite now for cybersecurity solutions that work," Ibrahim said. "Unfortunately, utilities currently have to rely on the sales pitches presented to them by the cybersecurity vendors. And this is where I believe that research labs, especially national research labs, have a unique role to play. The time for hype is over."

To tackle that challenge, Ibrahim's team launched an effort -- funded by NREL's Laboratory Directed Research and Development program -- to build the Test Bed for Secure Distributed Grid Management, a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility's power distribution system, the part of the power grid that carries power from substations to homes and businesses.

The test bed includes the hardware and software that utilities would use to control a distribution system, including a distribution management system, an enterprise data management system, and two substation management systems. In turn, the substation management systems can interact with real field equipment, such as electric storage systems and electric vehicle chargers, as well as computer-simulated devices, such as solar photovoltaic systems.

The test bed also incorporates much bleeding-edge technology for cybersecurity in an attempt to make the system as secure as possible. As just one example, in typical computer-based communications systems, like the Internet, data is broken up into small 'packets' that are exchanged between the communicating computers. The NREL cybersecurity test bed includes a system that hides a 'token' within the first packet of each communication session. If some hacker gets into the system and tries to establish his own communication session, his packet will be rejected because it lacks the hidden token.

Another approach 'cloaks' the network from unauthorized users, so that hackers can't even detect the computer server. You can't attack what you can't detect. Yet another approach maintains an 'airgap' -- an information exchange with no network connectivity. You can't use an online attack for a device that is not online.

Once Ibrahim and his team had the 'perfect system' set up to secure the test bed, they then took an approach reminiscent of children: they tried to break it. Specifically, they reached into their box of hacker tools and tried to break into the system. Approaching the system from three different angles, they found only one vulnerability, which was due to a misconfigured device. Through just that one error, the hacker was able to get into the system, gain administrator rights, and take control. Those are the types of insights that the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.

"In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn't work from a protection perspective," Ibrahim said. "Now we're going to share our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to protect critical infrastructure."

Ibrahim's research team intends to slowly expand its reach as the researchers learn more about the system. The intent is to continue bringing cybersecurity product vendors and system integrators into the Energy Systems Integration Facility, where the test bed is located, to refine and experiment with the test bed. Once the NREL team considers the test bed ready for 'prime time,' it will be opened to utilities and product developers for their use -- the team is currently targeting early 2016.

Photo of two men and a computer screen.

FireEye's Brandon Hjella works with Duane Petersen (then with Scitor Corporation) on the Test Bed for Secure Distributed Grid Management. Although the test bed was designed to handle power distribution grids, it can be applied easily to cybersecurity for other online energy devices, like electric vehicles, wind turbines, home energy networks, and more. Photo by Dennis Schroeder

Lessons Already Learned

Meanwhile, the test bed has already yielded insights for the NREL research team.

"One lesson was that protocols will not provide security in themselves; it's how you dress up the system that gives you the ultimate security," Ibrahim said.

To Ibrahim, creating a strategic architecture for cybersecurity is the best approach. The cybersecurity test bed relies mainly on devices that tap into the data streams, rather than being an in-line part of the communications. That makes it nearly impossible for a hacker to defeat those devices. The test bed also keeps the communications, control, and cybersecurity layers separate, to help isolate any unwanted intrusions. And visualization tools show any unusual, unexpected connections (say, to Siberia) or any strange behavior, like when the command arriving at a field device is not the same command that came from the control center.
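
The last check in the paragraph above, comparing the command that left the control center with the command that reached the field device, can be sketched as follows. This is an added example, not NREL's code: the record fields, device names, and sample data are constructed assumptions, standing in for what two passive taps (one near the control center, one near the field devices) would record.

```python
from collections import namedtuple

# Hypothetical record format for a command seen by a passive tap.
Cmd = namedtuple("Cmd", "seq device action value")

# Constructed sample: commands observed leaving the control center.
ISSUED = [
    Cmd(101, "ev-charger-1", "set_limit_kw", 7),
    Cmd(102, "storage-1", "discharge_kw", 20),
    Cmd(103, "storage-1", "stop", 0),
]
# Constructed sample: commands observed arriving at the field devices.
ARRIVED = [
    Cmd(101, "ev-charger-1", "set_limit_kw", 7),
    Cmd(102, "storage-1", "discharge_kw", 200),  # value differs from what was issued
    Cmd(900, "storage-1", "open_breaker", 1),    # no matching issued command
]

def compare_streams(issued, arrived):
    """Return a sorted list of (kind, seq, device) findings."""
    sent = {(c.seq, c.device): c for c in issued}
    findings = []
    seen = set()
    for c in arrived:
        key = (c.seq, c.device)
        if key in seen:
            # Same sequence number delivered twice to one device.
            findings.append(("duplicate", c.seq, c.device))
            continue
        seen.add(key)
        original = sent.get(key)
        if original is None:
            findings.append(("not_issued", c.seq, c.device))
        elif original != c:
            findings.append(("altered", c.seq, c.device))
    # Anything issued that never showed up at the field side.
    for seq, device in sent.keys() - seen:
        findings.append(("not_delivered", seq, device))
    return sorted(findings)

if __name__ == "__main__":
    for kind, seq, device in compare_streams(ISSUED, ARRIVED):
        print(f"{kind:14} seq={seq} device={device}")
```

Because both inputs come from taps rather than in-line devices, the comparison keeps working even if a device on the communication path itself is compromised.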

"Utilities need a secure approach today, so what do we have that can do that?" Ibrahim asked. "This is an attempt at answering that question."

But part of the lesson learned is that cybersecurity is expensive, so NREL's most useful advice to utilities might specify which approaches are cost-effective, and which are too expensive.

"What utilities need is a tangible measure of the incremental risk encountered by not using one of our cybersecurity measures, and the cost to mitigate that risk," Ibrahim said.

Ibrahim also sees a potential industrial use of the test bed in verifying the cybersecurity of new grid-connected commercial products.

"Before you go deploying something out in the field, don't just take a point test in the lab and extrapolate to production; you need something in between," Ibrahim said. "And that's the test bed. With our power-hardware-in-the-loop testing in our test bed, we can scale up and run full-scale experiments -- some real, some simulated -- before a company goes into production with a new product."

"We have a role that few entities can play," Ibrahim said. "Vendors cannot play this role because they don't have the hundreds of millions of dollars of research infrastructure that we have, while commercial labs cannot do this because they look at their bottom line. Why NREL? Because this is where the distributed energy resources are integrated into the grid."

And although the test bed was designed to handle power distribution grids, Ibrahim says it can be applied easily to cybersecurity for other online energy devices, like electric vehicles, wind turbines, home energy networks, thermostats, and even demand response systems. As our energy world continues to expand with more Internet-connected devices, NREL's cybersecurity test bed will help to assure that those devices stay controlled by you, the user, and not some distant hacker.

To learn more about the Cyber Physical Systems Security and Resilience Center, contact Tami Reynolds at (303)-275-3887.

DOE/National Renewable Energy Laboratory