Q&A With Danish Saleem: Campaigning for Common Ground in Cybersecurity
In July 2022, Danish Saleem paced an NREL conference room encouraging debate on project priorities and moderating an "Idea Fest" of 5-minute pitches on new research frontiers.
Danish is a senior cybersecurity researcher who supports multiple efforts to develop novel cyber-technology solutions, next-generation networking concepts, and to standardize the cybersecurity requirements for systems of renewable energy technologies through consensus building. Convened by the U.S. Department of Energy (DOE), the July workshop assembled diverse energy sector stakeholders to discuss the state of energy system cybersecurity, its present challenges, and potential solutions.
He spoke with us about how standards bridge energy system stakeholders and the need for continuous attention and improvement in cybersecurity for critical infrastructure.
When did you notice there was a research gap around cybersecurity standards and modern energy systems?
When I began engaging with clean energy sector stakeholders in 2017 and 2018, I heard a disconnect in their perspectives on how to secure distributed energy resources (DERs). For example, an electric utility may look to vendors and manufacturers, though there is no cybersecurity certification program guiding what security features manufacturers should incorporate in their designs. Meanwhile, a device vendor may view the electric utility as responsible for the system-level cybersecurity of grid-connected assets. State energy officials and public utility commissioners rely on the IEEE 1547-2018 standard for connecting distributed generation to the bulk power system, but cybersecurity is outside its scope.
How is NREL addressing that disconnect between the different parties?
The DOE Solar Energy Technologies Office (SETO) was interested to hear what I had learned and to sponsor cybersecurity research and consensus-building around the device, network, application, and system level of distributed energy resources and inverter-based resources. There are now six national laboratories and a network of external partners contributing to the program, called Securing Solar for the Grid. The meeting in July was the first time we could meet together to measure our progress and collaborate.
Through funding from SETO, NREL started collaborating with UL in 2021 to develop a cybersecurity certification standard through engagement with clean energy industry stakeholders. With a well-tested and industry-approved cybersecurity certification program, all parties can be assured that certified devices were designed around baseline requirements.
In parallel, we have formed an IEEE working group to develop recommendations for implementing end-to-end security for DER interconnections with the grid.
What is the role of the industry advisory board in the development of new cyber requirements?
Cybersecurity is a continuous improvement process. The industry advisory board was formed to help evaluate current trends, gaps, challenges to improving security for the grid, and to guide the research priorities for the national laboratories. The board includes a diverse set of stakeholders from electric utilities, DER manufacturers and vendors, general contractors, academic universities, national associations, state energy officials, public utility commissions, and standard development organizations.
Can you share more on your background and how you came to NREL?
I applied in 2016 as an intern! I had a bachelor's degree from NED university of engineering and technology in Pakistan and was in the U.S. studying for a master's in electrical engineering from Florida International University.
When I was hired, NREL wanted someone with an electrical engineering background for the new cybersecurity research group. It seemed like an odd combination at that time, but having knowledge of electrical systems and devices was very valuable for developing appropriate cybersecurity concepts. It is not required, but it makes it little easier.
I didn't know much about renewable energy at that time, but I quickly found that I was in the right place. I attribute it to NREL's positive culture, leadership's willingness to hear employee concerns, and the mission-driven environment.
What was a challenging moment in your career?
Being a foreign national comes with certain default pressures. Following graduation, international students have a few months to find employment and failure means saying goodbye to your dreams, investment, and wishes.
Moving to another country is always challenging as you learn the new language, culture, and norms but I have also felt welcomed. I am proud to now be a resource for others as one of the founders of the Global Employees Resource Group. The group is a safe place where NRELians from all countries, nationalities, and backgrounds help each other find commonalities, navigate American culture, and ask those questions they may not feel comfortable asking peers or managers.
What other projects or initiatives that you are proud of?
Module-OT is one of my greatest accomplishments. Many power systems rely on unencrypted communication networks, so we set out to design a low-cost, low-lift solution that can protect both legacy and new electric grid devices against common cyberattacks. Invented at NREL and field-tested on utility scale PV system, Module-OT is vendor agnostic and requires minimal changes to operational technology.
What would your job be if you weren't in engineering?
My family members are all business owners; I am the odd one out. If I wasn't in engineering, I would probably be running a small business.
And what do you do when you aren't working?
Living in Colorado means you get to enjoy year-round activities. In the summertime, I love barbequing or taking long scenic drives with the bass turned up. I also cherish quality time with my kids – I have a 4-year-old daughter and two-year-old son.
Learn more NREL's efforts to develop cybersecurity standards and consensus for distributed energy resources.