From left to right, NREL's Brian Miller works with David Cronin of DC Systems, Duane Petersen (then with Scitor Corporation), Brandon Hjella of FireEye, and NREL’s Erfan Ibrahim to build the Test Bed for Secure Distributed Grid Management, a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility's power distribution system. Photo by Dennis Schroeder
A new initiative underway at Energy Department's National Renewable Energy Laboratory (NREL) is intended to prevent hackers from gaining control of parts of the nation's power grid, potentially damaging electrical equipment and causing localized power outages.
The American Recovery and Reinvestment Act of 2009 provided the Energy Department with $4.5 billion to modernize the electric power grid. One key to this transition is adding communication and control devices to distant corners of the power grid, so that utilities have greater situational awareness of their grid and can respond quickly to disturbances.
NREL Launches into Cyber
The two-way communications technologies being added to the power grid work like an independent "electricity-only Internet" (sometimes using a cordoned-off part of the actual Internet) with access restricted to utilities—but just like the real Internet, these systems are subject to hacker attacks, and they need a strong cybersecurity system. That's why NREL established a strategic initiative for energy system cybersecurity and in March 2015 hired Erfan Ibrahim as director of the Cyber Physical Systems Security and Resilience Center, under NREL's Energy Systems Integration (ESI) directorate.
"If you look at utilities today, and independent power producers, you will see a tremendous appetite now for cybersecurity solutions that work," Ibrahim said. "Unfortunately, utilities currently have to rely on the sales pitches presented to them by the cybersecurity vendors. And this is where I believe that research labs, especially national research labs, have a unique role to play. The time for hype is over."
To tackle that challenge, Ibrahim's team launched an effort—funded by NREL's Laboratory Directed Research and Development program—to build the Test Bed for Secure Distributed Grid Management, a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility's power distribution system, the part of the power grid that carries power from substations to homes and businesses.
The test bed includes the hardware and software that utilities would use to control a distribution system, including a distribution management system, an enterprise data management system, and two substation management systems. In turn, the substation management systems can interact with real field equipment, such as electric storage systems and electric vehicle chargers, as well as computer-simulated devices, such as solar photovoltaic systems.
The test bed also incorporates much bleeding-edge technology for cybersecurity in an attempt to make the system as secure as possible. As just one example, in typical computer-based communications systems, like the Internet, data is broken up into small "packets" that are exchanged between the communicating computers. The NREL cybersecurity test bed includes a system that hides a "token" within the first packet of each communication session. If some hacker gets into the system and tries to establish his own communication session, his packet will be rejected because it lacks the hidden token.
Another approach "cloaks" the network from unauthorized users, so that hackers can't even detect the computer server. You can't attack what you can't detect. Yet another approach maintains an "airgap"—an information exchange with no network connectivity. You can't use an online attack for a device that is not online.
Once Ibrahim and his team had the "perfect system" set up to secure the test bed, they then took an approach reminiscent of children: they tried to break it. Specifically, they reached into their box of hacker tools and tried to break into the system. Approaching the system from three different angles, they found only one vulnerability, which was due to a misconfigured device. Through just that one error, the hacker was able to get into the system, gain administrator rights, and take control. Those are the types of insights that the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.
"In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn't work from a protection perspective," Ibrahim said. "Now we're going to share our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to protect critical infrastructure."
Ibrahim's research team intends to slowly expand its reach as the researchers learn more about the system. The intent is to continue bringing cybersecurity product vendors and system integrators into the Energy Systems Integration Facility, where the test bed is located, to refine and experiment with the test bed. Once the NREL team considers the test bed ready for "prime time," it will be opened to utilities and product developers for their use—the team is currently targeting early 2016.
Lessons Already Learned
Meanwhile, the test bed has already yielded insights for the NREL research team.
"One lesson was that protocols will not provide security in themselves; it's how you dress up the system that gives you the ultimate security," Ibrahim said.
To Ibrahim, creating a strategic architecture for cybersecurity is the best approach. The cybersecurity test bed relies mainly on devices that tap into the data streams, rather than being an in-line part of the communications. That makes it nearly impossible for a hacker to defeat those devices. The test bed also keeps the communications, control, and cybersecurity layers separate, to help isolate any unwanted intrusions. And visualization tools show any unusual, unexpected connections (say, to Siberia) or any strange behavior, like when the command arriving at a field device is not the same command that came from the control center.
"Utilities need a secure approach today, so what do we have that can do that?" Ibrahim asked. "This is an attempt at answering that question."
But part of the lesson learned is that cybersecurity is expensive, so NREL's most useful advice to utilities might specify which approaches are cost-effective, and which are too expensive.
"What utilities need is a tangible measure of the incremental risk encountered by not using one of our cybersecurity measures, and the cost to mitigate that risk," Ibrahim said.
Ibrahim also sees a potential industrial use of the test bed in verifying the cybersecurity of new grid-connected commercial products.
"Before you go deploying something out in the field, don't just take a point test in the lab and extrapolate to production; you need something in between," Ibrahim said. "And that's the test bed. With our power-hardware-in-the-loop testing in our test bed, we can scale up and run full-scale experiments—some real, some simulated—before a company goes into production with a new product."
"We have a role that few entities can play," Ibrahim said. "Vendors cannot play this role because they don't have the hundreds of millions of dollars of research infrastructure that we have, while commercial labs cannot do this because they look at their bottom line. Why NREL? Because this is where the distributed energy resources are integrated into the grid."
And although the test bed was designed to handle power distribution grids, Ibrahim says it can be applied easily to cybersecurity for other online energy devices, like electric vehicles, wind turbines, home energy networks, thermostats, and even demand response systems. As our energy world continues to expand with more Internet-connected devices, NREL's cybersecurity test bed will help to assure that those devices stay controlled by you, the user, and not some distant hacker.