ModuleOT: A Hardware Security Module for Operational Technology: Preprint
Conference · OSTI ID: 1600897
- National Renewable Energy Laboratory (NREL), Golden, CO (United States)
With increasing penetration levels of distributed energy resources (DERs) on the distribution grid, as well as new technological advancements in the cyber space, new cyberattack vectors are being introduced, and the available attack surface is constantly increasing. Despite this increasing risk, the standard IEEE 1547-2018 does not yet recommend cybersecurity measures for DERs. To address this and to better protect data on the distribution grid - from the standpoints of information security as well as operational security - ModuleOT has been developed. The module aims to significantly reduce cyberattack vectors by improving data privacy for user applications. This is accomplished by performing the core functions of encryption, authentication, authorization, certificate management, and user access control. The module integrates a custom security application with hardware cryptographic acceleration. The application secures all communications using Transmission Control Protocol over Internet Protocol (TCP/IP). These include the three most commonly used communications protocols for power systems information exchange: Modbus, Distributed Network Protocol 3 (DNP3), and Smart Energy Profile 2.0 (SEP2.0). These three protocols are also supported by IEEE 1547-2018 for all DER devices. This paper tests the data encryption/decryption feature on a physical networking test bed with emulated Modbus devices reporting grid data and presents the results.
- Research Organization: National Renewable Energy Laboratory (NREL), Golden, CO (United States)
- Sponsoring Organization: USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
- DOE Contract Number: AC36-08GO28308
- OSTI ID: 1600897
- Report Number(s): NREL/CP-5R00-74697
- Country of Publication: United States
- Language: English