NREL's Cyber Range Offers Eagle-Eye View of Federal Energy Asset Security

To Protect America's Energy Future, NREL Is Taking Cybersecurity Planning Off the Page and Into Living Color

April 29, 2022 | Contact media relations

Digital illustration of a virtual emulation environment, part of NREL’s cyber range, that allows NREL researchers to perform extensive cybersecurity research.
NREL’s cyber range will be used to map and visualize federal campus energy assets to identify cybersecurity threats and actions.

Federal Campuses Face a Complex Energy Security Landscape

Energy systems are decentralizing as increasing amounts of distributed energy resources (DERs) are introduced to the bulk power system. A single facility may feature solar panels, wind turbines, battery storage, and electric vehicle chargers, all of which constantly exchange information with one another as well as with the electric grid.

While this transformation offers diverse benefits in terms of energy savings and resiliency, it also introduces greater opportunity for cyberthreats.

Compared to traditional centralized generation, DER systems result in complex, data-driven communications networks, requiring careful coordination of such systems—and constant vigilance to ensure the assets of our grid are secure. Federal campuses in particular may grapple with higher stakes on both sides of the equation, serving as demonstration sites for innovative energy systems while also needing to secure energy data that, if compromised, could implicate issues of national security.

NREL Has Created a Framework To Assess—and Address—Cybersecurity Risks

To help federal energy managers assess, monitor, and manage cybersecurity, the National Renewable Energy Laboratory’s (NREL’s) Distributed Energy Resource Cybersecurity Framework (DER-CF) offers a comprehensive, web-based assessment tool focusing on cyber governance or policies, technical management, and physical security. The DER-CF tool guides users step by step through an assessment that helps them identify and resolve gaps in their cybersecurity posture. Currently, the tool provides a cybersecurity score and customized action plan for users to improve their organization's security controls and practices.

In its continuing quest to secure valuable federal energy assets, NREL is preparing an enhancement to the DER-CF that will take cybersecurity planning off the page and into living color.

Picture What’s Next: Interactive Visualization of Cyber Risk Scenarios Using NREL’S Cyber Range

DER-CF currently presents users with a series of pertinent cybersecurity questions, which are used to generate a site-specific report and recommendations. In the next iteration of the platform, NREL and the U.S. Department of Energy Federal Energy Management Program are elevating DER-CF to a new plane using NREL’s cyber range.

The cyber range generates emulated, multilayer grid environments that allow researchers to visualize and evaluate the interdependencies of power systems and network communications flows—and to safely explore vulnerabilities and mitigation effectiveness. This unique capability is helping researchers better understand how to improve the security, resilience, and black-start recovery of today's critical energy infrastructure.

Integrating with the cyber range will be transformative, allowing interactive visualization of current and future cybersecurity scenarios for each site.

Photo of an NREL cybersecurity researcher performing work on a computer while two other researchers look at data on a large screen in the background.
NREL researchers Josh Vannatta, Josh Rivera, and Shane McFly use the cyber range to visualize a real-time cyberattack. Photo by Dennis Schroeder, NREL

Visualizing Data To Enhance Cybersecurity of Federal Distributed Energy Resources

Visualizing DER-CF data with the cyber range will enable federal decision-makers to emulate a site-wide energy system for a more comprehensive picture of DER-related cybersecurity issues and strategies. The cyber range can also allow users to integrate other site data with the compliance and governance information collected using the DER-CF tool.

NREL project manager and DER-CF principal investigator Tami Reynolds sees the value of the cyber range for decision-making. “Many people are visual,” Reynolds said. “If we can actually show them the potential issues, it's going to be easier for them to understand and therefore invest time and resources.”

NREL’s Jordan Peterson is an engineer on the team integrating the cyber range with DER-CF. He sees significant advantages to integrating the cyber range’s visualization capabilities with DER-CF. “Users will get instant feedback―for instance, you could opt to enable secure communication and immediately see how that changes compliance,” Peterson said.

NREL’s Shane McFly, the technical lead for the integration project, adds that DER-CF in combination with cyber range capabilities can be used for training and decision support for executive personnel. For instance, a security analyst could make a compelling visual case to an executive that a new password policy should be put into place, despite a sizable investment of money and staff training time. Stating in a report that a system is noncompliant because it lacks a strong password policy is one thing, but showing decision-makers how a bad actor could gain access to the system and execute a distributed attack, making tens of thousands of login attempts in a short span of time, is another.

According to Peterson, “The cyber range is going to help provide data and show the potential results of an attack and how implementing the new policy would avoid it. Demonstration on a live system really helps.”

McFly believes this project will also offer unprecedented visibility for cybersecurity compliance. “Currently, we can provide information about the state of compliance, but it's really more like Q&A with a human being,” McFly said. “This project is taking it a step further―we're creating a system view of the state of compliance and we can use that to show people what we're suggesting they do. It will show users how these decisions and policies change the state of the system.”

McFly said development is ramping up. “By the end of 2022,” he said, “we hope to provide a static picture of the system, which uses color to provide an easily recognizable look at the state of compliance. The next step will be using our full cyber range visualization application―it will be three dimensional, able to dive down into specific pieces of the system, show dashboards to look at logs of the system, and run a simulation of the whole system.”

Learn more about NREL’s Distributed Energy Resource Cybersecurity Framework and cyber range.

Tags: Energy Security and Resilience,Energy Systems Integration