Q&A With Jennifer Guerra: Accelerating Innovation Faster Than the Speed of Threats
Energy is essential to our everyday lives. It powers our homes, businesses, and schools and keeps critical services operational. However, in the event of a successful cyberattack on the grid, energy reliability could be impacted.
At the National Renewable Energy Laboratory (NREL), a dedicated team of experts is working to fortify our energy systems against such threats through leading-edge research, collaborations, and technologies.
During Cybersecurity Awareness Month, learn from Jennifer Guerra, an NREL cybersecurity researcher, about how an NREL-led initiative is supporting a more secure and resilient electric grid through identifying urgent security gaps and accelerating innovative cybersecurity solutions to market.
Tell us about your journey to NREL.
I completed my bachelor’s degree and then was given the opportunity to study computer science, which I had never studied before, at the University of Tulsa. I jumped into the deep end through the CyberCorps Scholarship for Service program.
After graduating with my master’s, I ended up at Oak Ridge National Laboratory as a cybersecurity technical professional, and I spent two years focusing on cybersecurity and developing experiments to assess risk for industrial control systems. Throughout that experience, I found that I had a specific drive to integrate strong cybersecurity into the design of renewables as they are rapidly being integrated into our electric grid. I wanted to take an active part in reducing risk in the clean energy transformation.
What is your research area of focus? What projects are you currently working on?
My focus is on cybersecurity—specifically, it's on analyzing cyber threats and vulnerabilities with a goal to use those results to strengthen the industrial control systems and distributed energy resources that supply power to homes, businesses, critical services, and more. The main project I’m working on is the Clean Energy Cybersecurity Accelerator (CECA).
What is CECA?
The electric grid that we all rely on is evolving. According to the U.S. Energy Information Administration, renewables consisted of almost a fifth of U.S. electricity production in 2022. While we make our electric grid and all the control systems more efficient, we also have to build in robust protections. Sponsored by the U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security, and Emergency Response, CECA works with some of the largest utilities in the United States to identify the most urgent cybersecurity threats facing our electric grid and come up with a cybersecurity theme for each cohort. Based on the theme, we design realistic operational technology (OT) environments and threat scenarios and then use those to evaluate different cybersecurity solutions in industry and help them improve their components and achieve an accelerated market adoption of their innovative solutions.
How is this program beneficial to industry?
CECA is beneficial because we're focusing on not only the grid of today but also the grid of the future as we integrate renewables. For the solution providers, we provide a third-party testing environment to evaluate the performance of the solutions in OT environments. Through the process, the utilities become much more confident in their decision to purchase one of these solutions and integrate it into their architecture.
What is your role with CECA?
When I first joined the CECA team, I was a member of the threat team, where I developed emulation scenarios based on realistic cyberattacks to industrial control systems. I then tested how those selected solution provider components performed in preventing the attacks. Now, I'm the lead of operations—I determine the architecture of our environment to make it realistic and applicable for the different utilities. In the next few months of our current cohort, I will configure all our hardware, create virtual components, and integrate the different solution providers’ products.
What are some specific capabilities you use in CECA to validate solutions?
We use the Advanced Research on Integrated Energy Systems (ARIES) cyber range to create advanced virtualization and emulation environments that can include both information technology and OT equipment. Using the ARIES capability, we can validate different cybersecurity tactics, techniques, and procedures for industrial control systems without introducing more risk to the grid.
Why is this program so important for energy systems?
We're testing based on direct feedback and guidance from utilities on where they can improve their architectures and systems to make the whole grid more secure. CECA is a great use of our capabilities here at NREL with the cyber range, and we've had a lot of support from DOE to focus on what's important for today and tomorrow.
What are the consequences of a cyberattack on the grid?
Everything that we do relies on power nowadays. A cyberattack could cause instability in the grid. It can cause not only a disruption in how we live our everyday lives but also consequences to the utilities’ ability to balance demand and provide consistent power to critical services, like water treatment facilities or hospitals.
How do you think partners most benefited in this first cohort?
With the results, the utilities got to see how these solutions would be able to help their environment, and they gained confidence in their understanding of the solution.
What, if anything, will be different about the next cohort?
In the next cohort, we're going to incorporate much more OT hardware to represent the utilities’ environments and assess the impact that the solutions that are chosen may or may not have on their devices. We're integrating the hardware as a necessary component for the current cohort theme, but, in turn, it’s setting the foundation of what the CECA architecture can represent in the future. We can do a lot with the capabilities that we have available at NREL, and we're proving that by adding much more hardware this time.
What are you looking forward to in future CECA cohorts?
We’re expecting to expand CECA to improve the breadth and impact of the program—for both today’s grid and our future energy system. So, I look forward to using the CECA capabilities that have been created so far to expand how many providers we can test at one time and the different types of technologies that we can evaluate.
What do you do for fun outside of work?
I really like hiking all the local trails with my husband and my dog. I spend a lot of time growing my collection of house plants and caring for them. I also build custom furniture for my house. My most recent project is a floating faux black marble desk that can be raised to be a standing desk—that took a lot of ingenuity.
The CECA program is sponsored by DOE’s Office of Cybersecurity, Energy Security, and Emergency Response in collaboration with the Office of Energy Efficiency and Renewable Energy and NREL. Learn more about CECA.