$45M Federal Boost for Cyber Resiliency of Energy Delivery Infrastructure
The Department of Energy (DOE) will furnish 16 innovative projects with $45 million in federal funding to develop cybersecurity tools and technologies that thwart cyber attacks in the power and oil and gas energy delivery systems.
The $45 million funding stems from a 2022 funding opportunity announcement (FOA) overseen by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). The effort seeks to promote the development of “next-generation” technologies that will “become widely adopted in the energy sector to reduce a cyber incident disruption to energy delivery,” the DOE said. Project selections, unveiled on Feb. 26, will now proceed to award negotiations.
The FOA, notably, sought solutions that would be “interoperable, scalable, readily manageable advanced tools and technologies and are compatible with common methods and best practices.” In addition, the DOE suggested solutions should be prepared to transition to broader adoption, including through commercialization or open source.
Finally, the tools or technologies “must not impede critical energy delivery functions; must not introduce a burden for operating and maintaining the system; must be manageable by asset owners; must recognize energy reliability as a priority; must be demonstrated at a domestic asset owner/operator site to validate a clear path to industry acceptance; and must be red-team tested by an independent third party using project funds,” the DOE said.
The funding is split into six topic areas: Automated Cyberattack Prevention and Mitigation; Security and Resiliency by Design; Authentication Mechanisms for Energy Delivery Systems; Automated Methods to Discover and Mitigate Vulnerabilities; Cybersecurity through Advanced Software Solutions; and Integration of New Concepts and Technologies with Existing Infrastructure.
GE Vernova, the only selectee under the “Automated Cyberattack Prevention and Mitigation” topic, will develop a “small form-factor, secure computing platform that will be connected to the operational technology [OT] network for natural gas compressor stations,” the DOE said. Natural gas compressor systems are “important for maintaining proper gas flow to fuel nearly 40% of all electricity generation in the U.S.,” it noted.
Another six selected projects could pursue the second topic: Security and Resiliency by Design. They include:
- EPRI, which will develop an advanced artificial intelligence (AI) and data processing capability to detect and respond to cyber incidents in control system endpoints at the grid edge. EPRI will also research, develop, and demonstrate zero-trust architectures “for a secure and private 4G LTE and 5G communications network” designed to meet the unique needs of electric power systems, primarily focusing on integrating distributed energy resources (DER) and microgrids.
- GE, which will strengthen the security of communication protocols used in generation, transmission, and distribution. The project will also seek to validate, harden, and standardize “a new protocol to replace the non-secure protocol currently in use.” In addition, GE will develop an “innovative ability using quantum communication to securely communicate time-sensitive coordination messages that are important to the resiliency of the power grid.”
- Georgia Tech will meanwhile develop GridLogic, a framework for cyber-physical security of the electricity grid and DERs. The tool “will impede cyber-attackers and even a malicious insider operator from taking actions that are detrimental to the electricity grid,” the DOE said.
- Iowa State University will develop “technical solutions to be incorporated within the initial stages of future DER–integrated grid infrastructure development lifecycle” for a more resilient operation of critical control functions.
Under the third topic—Authentication Mechanisms for Energy Delivery Systems—EPRI will enhance two communications standards to perform centralized management of authentication and authorization services in a zero-trust architecture. Texas A&M will also research, develop, and demonstrate a zero-trust authentication mechanism using post-quantum cryptography. Kansas State University will separately work to fortify smart grid security by improving existing standards with authentication, secret key establishment, and encryption for secure communication among smart grid nodes, inverter gateways, and additional grid-edge devices.
Several projects will also focus on developing automated methods to discover and address vulnerabilities, including detection and prevention of ransomware attempts at the hardware, firmware, and/or software level within embedded architectures. Georgia Tech, notably, will develop “DerGuard,” a framework utilizing AI techniques for automated vulnerability assessment, discovery, and mitigation in DER devices. New York University will develop “an integrated and scalable digital twin for security and code verification.” The “DISCOVER” tool will seek to detect and mitigate vulnerabilities and malware with a focus on ransomware introduced through software/firmware in the power system supply chain.
Separately, as the sole recipient under Topic 5—Cybersecurity through Advanced Software Solutions —EPRI will apply digital twins to detect attacks in power generation assets “that focus on malicious modification” of the OT system. The DOE suggested it would furnish the project with $2 million per its 71% cost share.
Under Topic 6, the FOA sought new concepts and technologies that could be integrated into existing infrastructure. It notably urged collaboration between solutions providers and asset owners with the key aim of validating and demonstrating novel technology. Topic 6, unlike the other topics, includes a single phase involving demonstration. The DOE expects its total contribution for two projects picked for the 50-50 cost-shared demonstration awards will be $1.5 million.
Under the topic, GE Packaged Power—whose line of business includes manufacturing turbines and turbine generator sets—will partner with GE Vernova Advanced Research to demonstrate GE’s Attack Detection and Accommodation (ADA) technology within five targeted industries: natural gas power generation plant, onshore wind farm, hydropower generation, grid substation, and natural gas pipeline distribution.
The Research Foundation for the SUNY will separately demonstrate “encryption of data in the power grid network.” The effort will also allow smart network nodes “to have access to the encrypted data and enable desired functions such as false data injection detection,” the DOE said.
—Sonal Patel is a POWER senior associate editor (@sonalcpatel, @POWERmagazine).