Module-OT: Optimized Encryption for Distributed Energy Resources (Text Version)

Module-OT is an encryption technology designed to secure communications between distributed energy resources and control centers across wide area networks. Watch this video to learn more about the technology and how it can protect modern power systems.

Danish Saleem: Modern energy systems are characterized by a shift towards diverse and distributed technologies—a blend of new and legacy energy resources, interconnected by data and control networks.

Greater connectivity improves communication and flexibility on the power system. But its effect on cybersecurity can pose challenges. More connections can create more options for cyber-attacks, and many cybersecurity standards for devices are either outdated or unenforced.

Such circumstances can leave energy systems unprotected, and a successful cyber-attack on even one device—say a PV inverter, electric vehicle charger, or an energy storage device—could potentially propagate to other connection points across a utility’s network.

While industry standards catch up to modern cybersecurity practices, the Department of Energy awarded the National Renewable Energy Laboratory, or NREL, to develop a solution that protects distributed energy resources today. That solution, Module-OT, has advanced the state of the art for modern cybersecurity. Module-OT has been validated in the lab, demonstrated in the field, and has been proven ready to secure operational technology devices.

Module-OT works as a secure conduit for data between two devices or systems. All communications undergo three high-level functions—authentication, authorization, and encryption. These functions are implemented in open-source software that can easily be installed or embedded in many types of devices.

The technology provides wide-scale compatibility and convenience, as either standalone bump-in-the-wire hardware or embedded software, both equally capable of securing operational technology devices that exist today.

It requires minimum memory and power to operate, it is compatible with a variety of Linux-based operating systems and architectures, and it also can be used with devices supporting common industrial control systems protocols. This design makes Module-OT uniquely functional as a stopgap for security vulnerabilities that exist in highly interconnected energy systems.

Steve Granda: The development of Module-OT involved a comprehensive survey of existing cybersecurity and interoperability standards, as well as a stakeholder workshop. Industry feedback came from a mix of utilities and technology vendors, in addition to project partners Sandia National Laboratories, the Public Service Company of New Mexico, and Solectria Solar.

To evaluate the device, researchers performed a series of attack scenarios in a laboratory environment, leveraging hardware-in-the-loop simulation at NREL’s Energy Systems Integration Facility, and successfully demonstrated Module-OT’s ability to withstand such attacks. These included, but were not limited to, man-in-the-middle, eavesdropping, and replay attacks.

The technology was then deployed at the Public Service Company of New Mexico’s 500-kilowatt PV and storage plant. Module-OT enabled secure communication between this remote facility and the utility’s operators without any disruption to operations.

Because of its simple design and modest hardware requirements, the field test evaluation demonstrated Module-OT’s ability to deploy at scale and at a reasonable cost.

Once installed, Module-OT is compatible with modern and legacy communication protocols for power systems information exchange, like SunSpec Modbus, DNP3, and IEEE 2030.5. These three communication protocols are supported by industry’s guiding interconnection standard, IEEE 1547-2018. This helps bridge the gap between modern and legacy devices by streamlining their communications over secure connections. 

Module-OT also meets current standards, including validation procedures for NIST Cryptographic Algorithm Validation Program and Federal Information Processing Standard Publication 140-2.

Danish Saleem: As urgency grows to secure modern electrical grids, with millions of new grid-edge devices that support distributed energy, Module-OT can provide that security for energy resources both new and old.

Pending industry’s developing standards, Module-OT provides the easiest and most effective technological option to standardize cybersecurity moving forward. And its open-source design allows it to be easily customized for future applications.

Module-OT is now available for license—and it provides an accessible and affordable option for stepping up security across modern energy systems.