Cyberattacks can result in significant disruption to the nation’s energy infrastructure and its ability to reliably generate and supply electricity and natural gas to homes and businesses.
To address the wide range of current and emerging cyberthreats to the nation’s energy infrastructure, the Department of Energy’s Office of Cybersecurity, Energy Security and Emergency Response has awarded $45 million to several projects aimed to reduce cyber risks and strengthen the resilience of the country’s energy systems, which include the power grid, electric utilities, pipelines and renewable energy generation sources such as wind or solar.
“DOE is committed to strengthening the nation’s energy sector, including protecting it against current or emerging cyberthreats that would threaten Americans’ access to secure, reliable energy,” Secretary of Energy Jennifer M. Granholm said in a February 2024 press release announcing the funding.
One project selected for funding that will address automated cyberattack prevention and mitigation will be implemented by General Electric Co. in Niskayuna, N.Y. For this project, GE will develop a small form-factor, secure computer platform that will be connected to the operational technology network for natural gas compressor stations, which are important for maintaining proper gas flow to fuel nearly 40% of all electricity generation in the United States.
For security and resiliency by design, selected projects include:
Electric Power Research Institute Inc. (EPRI) in Palo Alto, Calif. will develop an advanced artificial intelligence (A.I.) and data processing capability to detect and respond to cybersecurity incidents in control system endpoints at the grid edge.
The company will also research, develop and demonstrate zero trust architectures for a secure and private 4G LTE and 5G communications network designed to meet the unique needs of electric power systems, primarily focusing on integrating distributed energy resources (DERs) and microgrids.
GE Research will strengthen the security of communication protocols used in generation, transmission and distribution, and will validate, harden and standardize a new protocol to replace the nonsecure protocol currently in use.
GE will also develop an innovative ability using quantum communication to securely communicate time-sensitive coordination messages that are important to the resiliency of the power grid.
Georgia Tech Research Corp. in Atlanta will develop GridLogic, a framework for cyber-physical security of the electricity grid and DERs that will impede cyberattackers and even a malicious insider operator from taking actions that are detrimental to the electricity grid.
Iowa State University of Science and Technology in Ames, Iowa, will develop technical solutions to be incorporated within the initial stages of future DER-integrated grid infrastructure development life cycle for a more resilient operation of critical control functions.
Several projects were selected to develop authentication mechanisms for energy delivery systems, including:
EPRI will develop or accelerate two communications standards to perform centralized management of authentication and authorization services in a zero-trust architecture.
Texas A&M University-Kingsville in Kingsville, Texas, will research, develop and demonstrate a zero-trust authentication mechanism with post-quantum cryptography to reduce the cyber-physical security risks to DER devices and networks.
Kansas State University in Manhattan, Kan., will address the security vulnerabilities of existing standards by integrating authentication, secret key establishment, and encryption-based secure communication mechanisms with existing standards for reliable authentication and communication between smart grid nodes, inverter gateways and other grid-edge devices.
For automated methods to discover and mitigate vulnerabilities, selected projects include:
EPRI will revolutionize vulnerability detection, classification and exploitability determination techniques within control system software to bolster cybersecurity measures in the energy sector.
Georgia Tech Research Corp. will develop “DerGuard,” a framework utilizing A.I. techniques for automated vulnerability assessment, discovery and mitigation in DER devices.
New York University in New York City will develop an integrated and scalable digital twin for security and code verification, called “DISCOVER,” that will detect and mitigate vulnerabilities and malware with a focus on ransomware introduced through software/firmware in the power system supply chain.
For cybersecurity through advanced software solutions, selected projects include:
EPRI will apply digital twins to detect attacks in power generation assets that focus on malicious modification of the operational technology system.
For integration of new concepts and technologies with existing infrastructure, selected projects include:
GE Vernova Advanced Research will demonstrate GE’s attack detection and accommodation technology within five targeted industries: natural gas power generation plants, onshore wind farms, hydropower generation, grid substations and natural gas pipeline distribution.
The SUNY Research Foundation at Stony Brook University in Stony Brook, N.Y., will demonstrate encryption of data in the power grid network, while also allowing smart network nodes to have access to the encrypted data and enable desired functions such as false data injection detection.
About The Author
KUEHNER-HEBERT is a freelance writer based in Running Springs, Calif. She has more than three decades of journalism experience. Reach her at [email protected].