Cybersecurity and Resilience
Securing the grid from cyberattacks is more complex than ever. Although there is no shortage of vendors offering solutions, objective voices are hard to come by. That's why NREL established the Cyber-Physical Systems Security and Resilience R&D Center.
The center, located at NREL's Energy Systems Integration Facility, serves as an independent resource for utilities and energy-sector companies to evaluate the security of new technologies and get objective insights on organizational cybersecurity efforts from experts in the field.
Download our cybersecurity brochureDownload
What Our Partners Say
"NREL's cybersecurity team provided the coordination and facilities to perform meaningful cybersecurity tests in a live distributed grid environment. This was all accomplished working with multiple vendors, integrators, and a very condensed schedule. The experience and exposure has been invaluable to BlackRidge Technology. The lessons we learned, along with the other cybersecurity vendors, will provide a blueprint for others in the industry, saving testing time and costs, and will allow us all to better protect the nation's distribution grid infrastructure."
- John Thuotte, Project Manager, BlackRidge Technology
Nine-Layer Security Testing
NREL researchers and leading cybersecurity vendors designed and built the Test Bed for Secure Distribution Grid Management—a hardware and software system that mimics the communications, power systems, and cybersecurity layers for a utility's distribution system. The test bed incorporates a nine-layer security architecture (seven-layer OSI model + two upper layers of GridWise Architecture Council Stack). It is applicable to any multisite information system in any industry that has real-time transactions—such as generation, transmission, and distribution— between users and/or systems, including online energy devices, electric vehicles, wind turbines, home energy networks, thermostats, and demand response systems.
NREL offers cyber evaluation that incorporates a 10-step systems engineering approach to security. This step-by-step process, designed to help companies maximize their cybersecurity efforts and dollars, follows a logical sequence where each step builds upon the step before.
The cyber evaluation team uses a tool that draws on two of the best known and most respected security guidance documents in the electric sector—the National Institute of Standards Technology's (NIST's) Cybersecurity Framework and the U.S. Department of Energy (DOE's) Cybersecurity Capability Maturity Model (C2M2). This tool, the Cyber-Governance Maturity Oversight Model, allows for immediate visibility into a company's cybersecurity operations relative to industry standards. With this model, NREL provides a list of prioritized action items for strategic investments in cybersecurity.
- Detailed software vulnerability scans for code under development and binary executables in use or in the implementation phase
- Cybersecurity awareness training for technical and nontechnical audiences
- Enterprise-wide security architecture development
- Streamlining business units to maximize cybersecurity awareness
- Organizational training on new cybersecurity technologies and business processes.
Center Director, Cyber-physical Systems Security And Resilience
Leverage our cybersecurity research capabilitieswork with us