New Research Aims to Improve Detection and Prevention of Stealthy Cyber-Physical Attacks in Clean Energy Technology
Office of Cybersecurity, Energy Security, and Emergency Response
May 9, 2024
Solar and wind energy are some of the fastest growing and most affordable energy sources in America. One of the biggest challenges facing distributed energy resources (DER), like solar and wind power equipment, is the potential of cyber attacks that compromise security for each connected device and the electric grid. Long-term security and resilience measures tailored for DER or inverter-based resources (IBR) that generate power from renewable sources are critical for our clean energy future.
The Department of Energy’s (DOE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) funded a research project with Sandia National Laboratories to develop cybersecurity measures specifically for DER or IBR, like photovoltaic (PV) systems and distributed wind turbines. Lab researchers are designing a network-based intrusion detection system (NIDS) to enable cyber-physical analysis of DER traffic that can detect stealthy cyber attacks, such as false data injection attacks. The NIDS technology will include digital twins, virtual representations of a DER system, that can conduct real-time analysis and detect malicious activity or communications coming from a potential threat.
Findings from this project, which was selected in collaboration with the recent lab call of DOE’s Wind Energy Technologies Office (WETO), will inform other cyber threat detection efforts:
- Sandia researchers developed and released DERTranslate, an open-source software tool within the codebase of the developed NIDS, to capture physical data and control information. DERTranslate will generate a map for DER systems that are interoperable and interconnected with electric grid systems and will facilitate threat detection by linking binary data to physical components of the system, such as DER models and registers.
- Another CESER-funded research project at Sandia, “GoalTender”, uses the parsers and DER ecosystem connected to the internet (IEEE 2030.5 protocol) created by this research project to develop defense-in-depth solutions for DER Management Systems with Next Generation Firewalls and Security Orchestration, Automation, and Response solutions.
- The technology will be applied to WETO’s Machine Learning-Based Intrusion Detection System (IDS) for Wind Networks project, which started in late 2023.
This research will help secure grid operations and increase resiliency, ensuring the continued distribution of safe, affordable, clean energy to homes and businesses across the U.S. Learn more about CESER’s efforts to improve the cybersecurity and resilience of the energy sector at www.energy.gov/ceser/office-cybersecurity-energy-security-and-emergency-response.