Berkeley Lab is an active participant in cybersecurity for cyber-physical systems and operational technologies. Recently, this work has focused on the electric power grid and has been funded largely via DOE’s Cybersecurity for Energy Delivery Systems (CEDS) R&D program. This work includes collaborations with academic, vendor, and utility partners.
Berkeley Lab's work in security for power grid control systems emphasizes both its historical role in developing, deploying, and testing the Zeek (Bro) Network Security Monitor, as well as novel ideas that leverage and integrate physics – such as physical limitations, physical sensor output, and insight into commands sent to control systems – to help monitor and protect networked energy system devices under control.
Recent highlights of Berkeley Lab's cybersecurity R&D activities include
- Developing security monitoring systems for cyber-physical systems that integrate insights about the physical limitations of those systems into network security monitoring,
- Leveraging high-resolution physical sensors combined with SCADA to identify cyberattacks on power grid distribution systems, and
- Enabling automated response to attacks on solar inverters.
Data is frequently not shared by organizations because it is considered sensitive in some way. This project aims to develop techniques for enabling data analysis for the purposes of detecting and/or investigating cyberattacks against energy delivery systems while also preserving aspects of key confidentiality elements within the underlying raw data. The result will be a solution for anonymization of data collected from OT and IT networks pertaining to energy grid cyberattack detection that has been tested for its ability to retain privacy properties and still enable attack detection. Contact: Sean Peisert (Peisert on the web)
The mission of Trusted CI – the National Science Foundation Cybersecurity Center of Excellence – is to improve the cybersecurity of NSF computational science and engineering projects while allowing those projects to focus on their science endeavors. As the National Science Foundation Cybersecurity Center of Excellence, Trusted CI draws on expertise from multiple internationally recognized institutions, including Indiana University, the University of Illinois, the University of Wisconsin-Madison, the Pittsburgh Supercomputing Center, and Berkeley Lab. Drawing on this expertise, Trusted CI collaborates with NSF-funded research organizations to focus on addressing the unique cybersecurity challenges faced by such entities. Contact: Sean Peisert (Peisert on the web)
The Supervisory Parameter Adjustment for Distribution Energy Storage (SPADES) project will develop methodology and tools allowing energy storage systems (ESS) to automatically reconfigure themselves to counteract cyberattacks against both the ESS control system directly and indirectly through the electric distribution grid. The reinforcement learning defensive algorithms will be integrated into the National Rural Electric Cooperative Association (NRECA) Open Modeling Framework (OMF), thereby allowing defensive strategies to be tailored on a utility-specific basis. The major outcomes of this project will be the tools to isolate the component of the ESS control system that has been compromised during a cyberattack, as well as policies for changing the control parameters of ESS to mitigate a wide variety of cyberattacks on both the ESS device itself and the electric distribution grid. Contact: Daniel Arnold (Arnold on the web)
Berkeley Lab is leading two working groups relating to cybersecurity issues in inverter-based resources (IBR) and distributed energy resources (DER). The first working group is examining cybersecurity issues in AI-based automation for IBR/DER. Automation has brought significant advantages to the power grid for ensuring stability, increasing efficiency, and even providing cybersecurity benefits. At the same time, automation significantly increases cybersecurity risks because automated systems can be remotely attackable and have similar vulnerabilities to other types of computing systems. The second working group is also working on data confidentiality issues for IBR/DER. Many data privacy and confidentiality issues arise when data is shared, but at the same time, data-sharing is essential to planning, research, and efficient operation. Understanding the intersection of confidentiality concerns and the role of privacy-preserving methods might enable both properties. Contact: Sean Peisert (Peisert on the web)
The Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR) project developed supervisory control algorithms to counteract cyber-physical attacks that have compromised multiple independent systems in the electric grid. The project utilized reinforcement learning techniques to simultaneously develop defense strategies in higher dimensions tailored to specific sections of the electric grid. Analysis of derived attack and defensive strategies highlight specific system vulnerabilities as well as determine recommended upgrades to enhance system cybersecurity. Contact: Sean Peisert (Peisert on the web)
A Science DMZ is a portion of a network built at or near the local perimeter of an individual research institution's network. It is designed with equipment, configuration, and security policies optimized for high-performance workflows and large datasets. The traditional Science DMZ model is not currently employed in environments subject to the HIPAA Security Rule and HITECH requirements due to the presumed technical controls based on the de facto use of stateful and deep packet-inspecting commercial firewalls. The Medical Science DMZ is re-engineered for “restricted data,” an approach that allows data flows at scale while simultaneously addressing the HIPAA Security Rule and related regulations governing sensitive data and appropriately managing risk. Contact: Sean Peisert (Peisert on the web)
Cyber Security of Power Distribution Systems by Detecting Differences Between Real-time Micro-Synchrophasor Measurements and Cyber-Reported SCADA
The power distribution grid, like many cyber-physical systems, was developed with careful consideration for safe operation, but a number of features of the power system make it particularly vulnerable to cyber attacks via IP networks. This project aimed to design and implement a measurement network that can detect and report the resultant impact of cyber security attacks on the distribution system network. The result is a system that provides an independent, integrated picture of the distribution grid’s physical state, which is difficult for a cyber-attacker to subvert using data-spoofing techniques. Contact: Sean Peisert (Peisert on the web)
Sean Peisert has been tapped to serve as deputy director on the leadership team of Trusted CI, the NSF Cybersecurity Center of Excellence. Read More »
While the need for security in the power grid is clear, cybersecurity has typically been “bolted on” in a piecemeal fashion after the fact, rather than designed in from the outset. Enter the Cybersecurity via Inverter-Grid Automatic Reconfiguration (CIGAR) project, a recently completed Berkeley Lab effort aimed at providing security protections for emerging power systems. Read More »
Sean Peisert, chief cybersecurity researcher at Lawrence Berkeley National Lab, recently gave an invited talk on the challenges of data sharing in biomedical science at a meeting of the Committee on Science, Engineering, Medicine, and Public Policy, a joint unit of the National Academy of Sciences, National Academy of Engineering, and the National Academy of Medicine. Read More »
In the last few years, researchers at Berkeley Lab, UC Davis, and the University of Stavanger in Norway have developed a new protocol, called BChain, which makes private blockchain even more robust. The researchers are also working with colleagues at Berkeley Lab and beyond to adapt this tool to support applications that are of strategic importance to the Department of Energy’s Office of Science. Read More »
As part of the Department of Energy’s (DOE’s) commitment to building cyber-resilient energy delivery systems, a new project led by Lawrence Berkeley National Laboratory (Berkeley Lab) will develop tools to detect and counter certain types of cyber attacks on the grid. Read More »