A new initiative underway at Energy Department's National Renewable Energy Laboratory (NREL) is intended to prevent hackers from gaining control of parts of the nation's power grid, potentially damaging electrical equipment and causing localized power outages.
The White House and the Energy Department have called for our nation's power grid to transition to a "smart grid," which will be more responsive to changing power needs, more able to integrate renewable energy, more efficient, and more reliable. In fact, the American Recovery and Reinvestment Act of 2009 provided the Energy Department with $4.5 billion to modernize the electric power grid. One key to this transition is adding communication and control devices to distant corners of the power grid, so that utilities have greater situational awareness of their grid and can respond quickly to disturbances.
The cybersecurity test bed incorporates technology in an attempt to make the system as secure as possible. In typical computer-based communications systems, data is broken up into small "packets" that are exchanged between the communicating computers. The cybersecurity test bed at NREL’s Energy Systems Integration Facility includes a system that hides a "token" within the first packet of each communication session. Photo by Dennis Schroeder
NREL Launches into Cyber
The two-way communications technologies being added to the power grid work like an independent "electricity-only Internet" (sometimes using a cordoned-off part of the actual Internet) with access restricted to utilities—but just like the real Internet, these systems are subject to hacker attacks, and they need a strong cybersecurity system. That's why NREL established a strategic initiative for energy system cybersecurity and in March 2015 hired Erfan Ibrahim as director of the Cyber Physical Systems Security and Resilience Center, under NREL's Energy Systems Integration (ESI) directorate.
"If you look at utilities today, and independent power producers, you will see a tremendous appetite now for cybersecurity solutions that work," Ibrahim said. "Unfortunately, utilities currently have to rely on the sales pitches presented to them by the cybersecurity vendors. And this is where I believe that research labs, especially national research labs, have a unique role to play. The time for hype is over."
To tackle that challenge, Ibrahim's team launched an effort—funded by NREL's Laboratory Directed Research and Development program—to build the Test Bed for Secure Distributed Grid Management, a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility's power distribution system, the part of the power grid that carries power from substations to homes and businesses.
The test bed includes the hardware and software that utilities would use to control a distribution system, including a distribution management system, an enterprise data management system, and two substation management systems. In turn, the substation management systems can interact with real field equipment, such as electric storage systems and electric vehicle chargers, as well as computer-simulated devices, such as solar photovoltaic systems.
The test bed also incorporates much bleeding-edge technology for cybersecurity in an attempt to make the system as secure as possible. As just one example, in typical computer-based communications systems, like the Internet, data is broken up into small "packets" that are exchanged between the communicating computers. The NREL cybersecurity test bed includes a system that hides a "token" within the first packet of each communication session. If some hacker gets into the system and tries to establish his own communication session, his packet will be rejected because it lacks the hidden token.
Another approach "cloaks" the network from unauthorized users, so that hackers can't even detect the computer server. You can't attack what you can't detect. Yet another approach maintains an "airgap"—an information exchange with no network connectivity. You can't use an online attack for a device that is not online.
Once Ibrahim and his team had the "perfect system" set up to secure the test bed, they then took an approach reminiscent of children: they tried to break it. Specifically, they reached into their box of hacker tools and tried to break into the system. Approaching the system from three different angles, they found only one vulnerability, which was due to a misconfigured device. Through just that one error, the hacker was able to get into the system, gain administrator rights, and take control. Those are the types of insights that the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.
"In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn't work from a protection perspective," Ibrahim said. "Now we're going to share our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to protect critical infrastructure."
Ibrahim's research team intends to slowly expand its reach as the researchers learn more about the system. The intent is to continue bringing cybersecurity product vendors and system integrators into the Energy Systems Integration Facility, where the test bed is located, to refine and experiment with the test bed. Once the NREL team considers the test bed ready for "prime time," it will be opened to utilities and product developers for their use—the team is currently targeting early 2016.
