The phrase “think globally, act locally” may be most associated with environmental activists such as folk singer Pete Seeger, but it is also becoming a watchword in the buttoned-down world of electric power security.
The U.S. Dept. of Energy (DoE), through several recent funding rounds, is enabling new collaborations between university researchers, national laboratories, industry research associations, and individual utility companies to strengthen power grid cybersecurity. Frank Cilluffo, director of one of the entities receiving a DoE grant, said the partnerships need to keep a balance of national cybersecurity goals and local relationships topmost in mind.
“If there were a sort of tagline, it’s thinking nationally and bringing the best to bear, but acting locally – the regional approach that is so important,” said Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security. “In cyber issues, unless you understand the pain points and the day-to-day for a particular individual, it’s very hard for someone from somewhere else to say, ‘This is the way to do it’.”
The McCrary Institute will partner with Oak Ridge National Laboratory (ORNL) to create the Southeast Region Cybersecurity Collaboration Center (SERC3), a pilot regional cybersecurity research and operations center to protect the grid against cyberattacks. Funded by a $10-million grant from the DoE, with another $2.5 million coming from the university, it will include a mock utility command center to train participants from academia, government, and the electric power industry in real-time cyber defense.
SERC3 is just one entity in a concerted DoE effort to bolster both technical and human capabilities in grid cybersecurity operations. Among those efforts, all funded by the DoE’s Office of Cybersecurity, Energy Security and Emergency Response (CESER), was a 16-project, $45-million program split between commercial entities such as General Electric Research, academic labs, and independent research organizations such as the Electric Power Research Institute (EPRI). Another $15-million round will fund six university-based electric power cybersecurity centers throughout the U.S., with a goal to develop both new technologies and a well-trained cybersecurity workforce.
Each of these projects also includes partners such as regional utilities. The University of Connecticut’s Northeast University Cybersecurity Center for Advanced and Resilient Energy Delivery will include colleagues from the University of Rhode Island, University of Massachusetts Lowell, University of Vermont, Central Connecticut State University, and New York University. Also involved in the project are another 20 public and private-sector stakeholders, including Eversource Energy, Avangrid, and the DoE’s National Renewable Energy Laboratory.
The University of Pittsburgh’s Cyber Energy Center (CEC) project will include industry and public sector partners such as regional utility Duquesne Light; regional transmission organization PJM, which coordinates wholesale electricity distribution in all or parts of 13 states and Washington, D.C.; Sandia National Labs, and others. The CEC’s principal investigator, associate professor of mechanical engineering and materials science Daniel Cole, said the new centers are launching at a crucial time for a “woefully underprepared” sector.
“The fact that DoE has an office putting money into this area is a good thing,” Cole said. “Government funding is sort of a ‘funder of first resort’ because nobody wants to spend the money — so it de-risks the area as technologies in it grow.”
Moe Khaleel, associate laboratory director for national security sciences at ORNL, said as welcome as the CESER funding may be, the greatest benefit from the new projects might be the heightened sense of community and collaboration that emerges. “What we are trying to do together with SERC3 is not about attracting research dollars,” Khaleel said. “Oak Ridge is a $2.7-billion national lab, so it’s not about the dollars. It’s about the impact. We collectively believe the threats are real and we need solutions and we need them now.
“The big thing with SERC3 is not to look in the rear view mirror and look for threats we know,” Khaleel said. “We are trying to look at what could happen in front of us; we believe different cyberattacks will emerge in different forms. That is why you need close coupling between something like SERC3 and the utilities and the universities.”
The OT/IT gap
Traditionally, electric utilities’ operational technology (OT), such as meters and information technology networks, were predominantly segregated from each other; to some extent, that segregation mitigated the likelihood of a single point of failure brought about by a network incursion.
However, as the informational needs of the power grid become more complex and the connected “smart grid” expands – including governing distributed OT energy resources such as wind turbines and photovoltaics — so, too, do the cybersecurity needs for grid operators, according to Jason Hollern, EPRI’s technical executive of digitalization.
“New technologies will also require additional communications pathways — from the cloud, for example — that might interact directly with OT equipment,” Hollern said. “I see that becoming more the case in the future, because of artificial intelligence, automation, and multi-entity parties on the grid.”
There are still obstacles to ensuring the cybersecurity of these new blended networks. Cole at the University of Pittsburgh said there is still a communications gap between OT and IT experts that needs to be addressed. Also, the shortage of people trained in OT cybersecurity is glaring; a March 2024 report by the Government Accountability Office found vulnerabilities reported through the Cybersecurity and Infrastructure Security Agency’s (CISA) process often take more than a year between the initial report of a vulnerability and public disclosure, and that CISA staffing — only four full-time staff members and five contractors — is insufficient to meet national cybersecurity needs.
Mason Rice, director of cyber resilience and intelligence at ORNL, said existing acquaintance among national labs’ OT research community will help kick-start collaborations in the CESER-funded programs.
“Almost all the OT researchers at the labs know each other,” he said. “We all went to the same schools, we’ve all shared jobs, some of us even jumped from one lab to another. I spent 22 years in the Army prior to this and I knew a bunch of the OT researchers at the labs even before I retired. That collaboration among the labs is essential to making all this work, because there are not enough people out there with OT skills to do all the work necessary. That’s another bonus for SERC3, because we can graduate more OT professionals and get them out there to industry.”
A common ‘twin’ path
One of the cybersecurity technologies receiving a lot of attention among the researchers receiving the CESER grants is that of a “digital twin” — a painstakingly accurate data model of an operational network capable of both backward-looking analysis and forward-looking forecasting. Both EPRI and the CEC at Pittsburgh will be creating digital twins as part of their projects. ORNL already has created one in its labs, according to a 2021 primer on digital twins and cybersecurity published by EPRI. Hollern said EPRI has already done a lot of work in developing digital twins within the context of trying to predict equipment failures brought about by physical anomalies.
“We’ve studied the physics about how the equipment really works,” Hollern said. “We’ve developed physics equations and coupled that with real data from the piece of equipment itself, married them together, and that helps us understand the strain on the equipment based on loading and where parts and pieces inside may be incurring damage.”
The principles behind using digital twins in “wear-and-tear” scenarios could very well be modified for cybersecurity, he continued.
“We know how that equipment should run,” he said, “so we can in theory take that and try to determine when a cyberattack or anomalous activity is occurring in that piece of real equipment based on the differences. We can also use that digital twin to develop attack scenarios. We can attack that twin and it will tell us what the resulting performance will look like, so if we see that happen it will give us a better idea of what could be happening with the control system, or sensors or communications pathways.”
The CEC in Pittsburgh will be exploring three aspects of digital twins in its project. First, it will explore how digital twins can help the energy sector better manage energy and its security. Second, it will quantify uncertainty in digital twins, and determine how that uncertainty propagates through time and manifests itself in the situational awareness of energy operators. Third, it will investigate aspects of the digital twin models, how service buffers fill and empty, and their effect on the rest of a system.
CEC director Cole said industrywide heightened awareness of the interplay of digital and physical data, and recent advances in machine learning, could help researchers as they dive into developing the twin technology.
“Digital twins are one way to take advantage of data,” Cole said. “The idea that I can take complicated models that might be written down from first principles — solve huge systems of equations that depend on physics to figure out what is going on that is very computationally intense — new capabilities in machine learning help us build models that can emulate that effectively, and be done at speed.”
Timelines to operations and sustainability
The grant recipients have all started establishing their centers. Cole said graduate students at the CEC will begin research in the fall 2024 semester, and that he has already begun speaking with its industry partners to fine-tune what sort of research will be relevant to their cybersecurity needs.
“Organizationally, it creates an opportunity for people at the university to better interact with industry,” he said. “We can create solutions that have value for them. There wouldn’t have been anything that necessarily prevented us from doing that before, but having the DoE’s blessing is a huge stamp of approval.”
Getting up to speed quickly is paramount, Cole said; CEC funding for the first two years will come from the grant. After that, revenue needs to come from membership.
“That also ensures we are doing work that will be of value to them,” Cole said.
SERC3 organizers said it will take just about a year to become fully established. The computing infrastructure, which will reside both at Auburn and at ORNL, will be in place in the second quarter of 2025, and classes for students will start the following quarter.
Both Cole and Khaleel said the establishment of the centers is just the first step and ongoing collaboration across academic and industrial sectors and between the regional centers will be vital. Cole said he expects meetings will be held at least on a quarterly basis. Khlaleel said given the interconnected nature of much of the U.S. grid, going it alone on cybersecurity is not a realistic approach anymore.
“It’s really paramount that the DoE takes first steps to establish the regional centers,” he said, “because the threats are real. For a long time we have been stovepiped in our thinking, how we partner, how we view challenges, and I don’t think that will work as we go forward.”
Gregory Goth is an Oakville, CT-based writer who specializes in science and technology.
Join the Discussion (0)
Become a Member or Sign In to Post a Comment