In the U.S. businesses, municipalities and individuals are driving the digitization of the energy sector, spurred by the climate change goals and financial incentives for clean energy in the federal Inflation Reduction and Infrastructure Investment and Jobs acts.
Consequently, many are replacing a portion of the power they get from traditional energy grid sources —coal and natural gas— with distributed energy resource systems, or DERs, such as wind and solar farms to help meet climate change goals and reduce energy costs.
However, these systems are internet-connected, which means they need to be secure from cyberattacks. The technological transformation of the energy sector is bringing into focus the nexus between cybersecurity and power for policymakers.
In April, the FBI warned Congress that Chinese hacking groups will likely target critical infrastructure, including electric grids, which DERs provide power and services to in exchange for payments.
Before the FBI’s warning, in late March, the U.S. Department of Energy (DOE) announced $15 million in grants to establish six university-based cyber security centers for electric power to work with energy grid owners, operators and vendors.
For two years, the University of Connecticut, Iowa State University, University of Pittsburgh, Illinois Institute of Technology, Texas Tech University and Florida International University were selected by the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) to conduct innovative cybersecurity research and provide cybersecurity training relevant to local energy workers and regional energy issues.
“Texas Tech’s center will be focused on two areas: One is rural co-ops and small utilities that provide power for farming activities, rural communities, rural activities, and large-scale wind farms that we have a lot of here in West Texas,” Manohar Chamana, an assistant professor at Texas Tech University’s National Wind Institute, told Government Market News. Chamana is a principal investigator on the project who helped the school get $2.5 million from the DOE to set up a cybersecurity energy center in high plains city of Lubbock, Texas
West Texas has the largest footprint of wind farms in the U.S., and there are concerns about them being subject to cyber-attacks, Chamana said.
Cyberattacks on rural infrastructure in the U.S. should not be dismissed, Chamana said
“The energy cybersecurity nexus is important,” Chamana said. “That’s the reason why the Department of Energy has been funding this project because they know there can be more cyber-attacks from other nations on critical infrastructure in rural areas.”
In January, the Texas panhandle towns of Hale Center, Lockney and Muleshoe were reportedly attacked by a Russian-sponsored hacking group that successfully caused the towns’ water systems to overflow, according to an Associated Press report.
Texas Tech will develop a curriculum and experiments with private and public partners to address various stages of cyber-physical attacks of grids such as attack detection, prevention, impact analysis and recovery plans. The focus will be on DER integration with rural utilities that operate on Texas’ power grid.
Texas Tech’s industry advisers on the center include Sandia National Labs, Southwest Texas Electric Co-Op, West Texas A&M University. Other vendors and companies advising Texas Tech do not want to be named because of security concerns, Chamana added.
Iowa State University will work with industry partners and other universities in Minnesota, Illinois and Michigan to develop its cybersecurity center with a $2.5 million grant from the DOE, Iowa State electrical and computer engineering professor Manimaran Govindarasu told Government Market News.
Project partners will also contribute an additional $1 million for cost-share funding, equipment and labor costs. Researchers from the University of Illinois Urbana-Champaign, the University of Minnesota Twin Cities, Michigan Technological University, GE Vernova, Argonne National Laboratory and the National Renewable Energy Laboratory will work with Iowa State to establish the Center for Cybersecurity and Resiliency of DERs and Microgrids-integrated Distribution Systems.
Researchers will focus on protecting grids that have wind and solar farms and microgrids by developing computer algorithms and artificial intelligence tools to detect and mitigate cyberattacks in real-time, Govindarasu said. The center will also develop a curriculum, capstone design projects, cyber-defense competitions and hands-on workshops for industry and utility employees in rural areas
“We’ll work with local industry in Iowa, Minnesota, Illinois and Michigan to understand and respond to the needs of local industry, ” Govindarasu said. “That’s the emphasis here.”
In the Northeast, the University of Connecticut’s cybersecurity energy center will focus on keeping the region’s growing offshore wind farms secure from attacks.
“We have lots of offshore wind energy and that’s very unique as compared to all other centers selected,” said Junbo Zhao, an assistant professor at Connecticut’s College of Engineering and the principal investigator for Connecticut’s Northeast University Cybersecurity Center for Advanced and Resilient Energy Delivery, or CyberCARED. “We’re going to consider both cyber and physical type of security events within our center, but the main focus will be on the cybersecurity.”
Security for the Northeast’s high adoption of electric vehicles, electric thermostats and heat pumps, will also be a focus of the center, Zhao said.
“Those are some of the areas we are going to look at and understand their vulnerability to cyber and physical events,” Zhao said.
CyberCARED, which will launch in early May, also received an additional $1.1 million from its industry partners, Eversource Energy, the National Renewable Energy Lab, Raytheon Technologies Research Center, and Gridmetrics.
Connecticut is also partnering with five universities on the project to develop a curriculum and laboratories with its partners on CyberCARED, Zhao said.
“The idea for this project is that we’re going to work with different universities and stakeholders across the region to unify the expertise from each of us, and put everything into this into this common platform,” Zhao said.
The center will have research, training, cybersecurity and energy system programs, a test bed for experiments, certificate programs for industry workers and students, workshops and competitions, Zhao said.
Zhao also emphasized CyberCARED’s sustainability plan when federal funding for the program eventually dries up.
“We would like to work with state and local governments for furthering the scope of the center, and then getting more sustained support for them,” Zhao said.
The six cybersecurity centers, according to the DOE are:
- The University of Connecticut (Mansfield, Connecticut) will develop tools to isolate and mitigate the effects of cyber-attacks on distributed energy resources (DER) to quickly restore devices to operational states. The project will use data from across the Northeast region’s urban, suburban, and rural environments, making this work scalable to a variety of system operators and utilities. Project title: CyberCARED: Northeast University Cybersecurity Center for Advanced and Resilient Energy Delivery
- The Iowa State University (Ames, Iowa) will focus on improving the security and resilience of the distribution grid that includes DER and microgrids, including real-time cyber situational awareness for distribution management systems. Several project partners bring expertise in rural energy issues, which is key for implementing next-generation grid infrastructure. Project title: CyDERMS: Center for Cybersecurity & Resiliency of DERs and Microgrids-integrated Distribution Systems
- The University of Pittsburgh (Pittsburgh, Pennsylvania) will use digital twins to evaluate the effectiveness of protections for cyber-attacks and assess the impact of cybersecurity compromises. Their diverse project partners will help focus the project on existing gaps in cybersecurity research. Project title: University of Pittsburgh Cyber Energy Center
- The Illinois Institute of Technology (Chicago, Illinois) will address cybersecurity issues in DER and microgrids and understand how system operators can contribute to efficient cyber attack detection and response. They plan to distribute their findings through workshops, symposia, and trainings. Project title: 2MC: Midwest Center for Microgrid Cybersecurity
- The Texas Tech University (Lubbock, Texas) will develop a single framework that addresses the various stages of cyber-physical attacks such as attack detection, prevention, impact analysis, and recovery plans. It will focus on DER integration on rural utilities within the Texas power grid. Project title: A Clean Energy and Rural Electric Industry-focused University Cyber-Physical Security Center
- The Florida International University (Miami, Florida) will explore the moving target defense (MTD) technique as a way to prevent cyber attacks by “hiding” the system from the adversary. This could be especially useful in systems with communications channels that can easily be rerouted or switched. Project title: Center for Agile and Intelligent Power Systems (CAIPS): Cybersecurity Research, Development, and Workforce Training