Q&A With Maurice Martin: Advancing Cybersecurity on the Front Lines of the Modern Grid
Now, as a senior systems security and resilience researcher in the National Renewable Energy Laboratory (NREL) Cybersecurity Science and Simulation Group, Martin works with utilities to understand their cybersecurity needs and creates tools to meet critical challenges. His work, and the work of others in the Energy Security and Resilience Center, is helping to lay the groundwork for a secure, 100%-clean energy grid.
What attracted you to engineering?
I was interested in science and engineering as a kid, and I spent a lot of time playing with electronic project kits, like the RadioShack 65 in 1. I always liked math, and the engineering speakers caught my attention on career days in high school. While finishing my undergraduate electrical engineering degree, I was pulled into a research project that would lead me to pursue a graduate degree in systems science.
What is systems science?
It's the study of systems, which can be anything—a living organism, a building, or a spacecraft. Systems science looks at commonalities across many different types of systems to better understand how they work. It's a relatively new science, but it becomes more critical as our human-built systems become more complex and expansive. It helps make sense of what, at first, might seem to be chaos.
You can apply this approach to cybersecurity for the grid, which is itself a system. Among other things, systems science can help anticipate the unintended cybersecurity consequences of changes to the grid. That allows you to stay ahead of emerging vulnerabilities.
How did systems science lead you to cybersecurity?
Well, for a time, I stepped away from science and engineering and worked in writing and publishing. Eventually that led me to work at the National Rural Electric Cooperative Association (NRECA), supporting their technology research through writing and editing. At NRECA, I learned a lot about the electrical grid, and over time, I saw the connection between cybersecurity and systems science and how they both could support efforts to protect the grid. NRECA needed someone to manage their cybersecurity research, which was becoming more important to utilities. So that became my full-time job, and it led to a cybersecurity position here at NREL.
When did cybersecurity become a priority for power system operations?
There was no one moment. For a while, the focus was on regulatory compliance—in the U.S., the North American Electric Reliability Corporation developed the first standards for critical infrastructure protection. But over time, the steady drumbeat of cyber compromises in different sectors has shown that no industry is immune. In 2015 and 2016, cyberattacks caused power outages in Ukraine, and we've seen proof-of-concept demonstrations that cyberattacks can damage power equipment. All this has created a desire for proactive cyber resilience measures that address concerns about reliability, affordability, and public safety.
NRECA developed cybersecurity guidance for member utilities to implement, and contributing to that effort was a great learning experience for me. Since coming to NREL, I wrote a cybersecurity guide and contributed to a webinar series for utilities in the Caribbean for a project under NREL's partnership with the U.S. Agency for International Development. Utilities in the Caribbean face a lot of the same challenges as rural utilities in the U.S.—they may be under-resourced and looking to maximize their investment in cybersecurity. I enjoy interfacing with utilities to learn what challenges they're facing and what they need from us.
What cybersecurity concerns do you hear from energy sector stakeholders?
A lot of them are facing uncertainty, limited funds, and limited staff time. They're making changes to their systems and adding renewables, and they feel like they're embarking on these changes without a clear sense of risk. They're looking for guidance on how to communicate that risk to the decision makers in their organizations, which can also be a challenge.
How is NREL addressing these issues?
One project I'm excited about is called Cyber100 Compass. It's intended to help system planners charting a road map to high levels of renewable energy and is sponsored by the DOE Office of Electricity and the Office of Cybersecurity, Energy Security, and Emergency Response. Eleven U.S. states now have goals to be 100% renewable by 2050, as do at least 200 U.S. cities. As they make changes to decarbonize their grids, there's going to be an impact on cybersecurity. So, the project looks at what we can do to make that journey more cyber-secure.
Have NREL and DOE embraced cybersecurity as part of energy systems?
I've been lucky with timing in my cybersecurity career—I boarded the train just as it was taking off in the grid space. When I joined NREL, there were perhaps five members of the cybersecurity research group, and we now number about 40. DOE and NREL leadership have recognized that we need to do more to address current cybersecurity threats. We need to engage in research and find ways to support those on the front lines, whether that's by inventing new cybersecurity functions or making existing functions more manageable.
The chance to join NREL's team gave me the opportunity to engage with researchers who are doing amazing things throughout the entire national lab system.
What do you do for fun outside of work?
I have an 8-year-old son, so a lot of my time is spent with him. His soccer team needed coaches this season, so I volunteered as a "junior coach" since I know less about soccer than anyone! He's recently gotten into scouting, so that keeps me busy. I do a little woodworking now and then, but my experience there is in its very early days. I just enjoy spending my off hours doing things that are tangible—cutting pieces of wood and screwing them together. It's a nice break from probabilistic cyber risk and other digital abstractions. It helps to touch something solid every now and then.
Learn more about NREL's work in cybersecurity for modern energy systems.