Cybersecurity Technology Innovation

IViz-OT is a unique intrusion visualization tool that locates and visualizes cybersecurity threats on grid operational technology networks. The tool, designed for system owners and operators, delivers real-time situational awareness of the nature, causes, and location of attacks impacting the electrical grid. IViz-OT works with NREL’s Hybrid Intrusion Detector for Energy Systems (HIDES) to process grid information, detect intrusions, and create a log of alerts. IViz-OT then visualizes the data produced by HIDES to rapidly alert grid operators of anomalies. Interested organizations can apply to use IViz-OT via the U.S. Department of Energy's Lab Partnering Service.

Blockchain technology has the potential to transform information sharing among power grid stakeholders, advanced distribution system controls, and devices by enhancing transparency, improving security, and creating new value. Establishing a digital identity for devices such as smart appliances, electric vehicles, or rooftop solar could enable a secure, market-based approach for the trade and management of energy in a highly distributed system. NREL's research projects in this area provide insight to utilities and industry on leveraging blockchain to enable trusted communication among millions of energy devices.

Blockchain for Optimized Security and Energy Management is a multilab project within the U.S. Department of Energy's Grid Modernization Laboratory Consortium to develop blockchain-based concepts for device security, secure communications, and grid resilience. The project explores how blockchain can enable authentication of operating parameters for generation assets, secure communications for accessing and balancing demand response, secure market operations at the distribution level, and secure registration and authentication of distributed energy resources.  Blockchain for Optimized Security and Energy Management will provide insight to utilities and industry on leveraging blockchain to enable trusted communication among millions of energy devices.

Cyber-informed engineering empowers engineers with tools and methods to integrate cybersecurity into the early design stages and throughout the life cycle of engineered systems. NREL is coleading a cyber-informed engineering program with Idaho National Laboratory centered on five pillars: awareness, education, development, current infrastructure, and future infrastructure. Learn about the cyber-informed engineering program and how NREL is advancing cyber-informed engineering in the interest of designing secure, clean energy systems.

Firmware controls millions of power-connected devices including protection components and advanced inverters. However, little insight exists into the security of the firmware supply chain, or the code libraries included in the firmware. In collaboration with Argonne National Laboratory, Idaho National Laboratory, and Sandia National Laboratories on the Grid Modernization Laboratory Consortium project, Firmware Command and Control, NREL is investigating the security of internal software in devices that interact with the grid. The cross-laboratory team is creating an agile embedded response capability, with baselined firmware and behaviors and bidirectional sharing of threats.

In collaboration with Idaho and Oak Ridge national laboratories, NREL is evaluating the cybersecurity risks and challenges associated with electric vehicle fast-charge stations. Researchers are evaluating high-consequence cyber events for electric vehicle fast chargers, leveraging the Advanced Research on Integrated Energy Systems Cyber Range to connect a fast charger in the laboratory to an emulated distributed energy system. Using the cyber range, researchers can compare attack scenarios to existing security protocols and identify vulnerabilities and refine cybersecurity protection and mitigation strategies.

NREL is also evaluating the application of public key infrastructure (PKI)—a method for encrypting information exchange and certifying the authenticity of devices—to help ensure digital trust between vehicles and charging stations. This project brings together various automakers and the EV charging sector in a cooperative effort led by SAE International to strengthen EV cybersecurity through wide industry engagement on pre-competitive research.

Module-OT is a lightweight solution for securing data by encrypting, authenticating, and authorizing communications across distributed energy systems. Module-OT provides low-latency, accelerated encryption for operational technologies—either as stand-alone hardware or as embedded software—and is available for commercial use. The module requires minimal configuration from system administrators, is functional for both modern and legacy devices, and is portable to a variety of Linux-based operating systems and architectures. In laboratory and real-system evaluations, Module-OT has demonstrated reliable security against a range of possible cyberattacks on critical system infrastructure, with significant improvements in end-to-end communication latency. Module-OT has received a Certification Algorithm Validation Program certificate; has been validated in a high-fidelity, utility-grade environment with 500-kW of solar PV and storage; and can be used for operational technology applications outside of energy systems.

NREL is evaluating the ability of 5G communications to address the inherent cybersecurity risks of increased interconnections among new devices and the electric grid—and the supply chain risks associated with such devices. Benefits such as network-slicing features can improve the performance, security, and reliability of grid devices and services, which is especially important as new technologies are introduced to increasingly distributed energy systems. With laboratory-directed funds, NREL is evaluating use cases that employ 5G communications to mitigate the impact of cyber threats to distributed energy systems.

NREL is developing Situational Awareness of Grid Anomalies to monitor resilience on the electric grid. Situational Awareness of Grid Anomalies will take advantage of cable broadband lines, which carry data related to power system operations, to create high-speed and high-resolution visual analytics. Operators can use this tool to examine relationships between cyber and energy events and rapidly detect and analyze anomalous activity.