Cybersecurity Considerations for Hydrogen Infrastructure in Airport Environments

This report explores key cybersecurity concerns and best practices within environments that serve as reference points for the development of hydrogen fueling infrastructure for aviation. This cybersecurity analysis leverages prior NREL studies: 1) hydrogen fueling station component validation to identify vulnerabilities and failure events documented in physical equipment, and 2) electric aircraft charging infrastructure analysis to explore primary cybersecurity vulnerabilities. It reviews the criticality of digitized technologies in sustaining hydrogen fuel production, storage, and fueling systems, noting cybersecurity concerns that are universal to power systems and industrial control systems in general. In considering cybersecurity vulnerabilities within a future landscape of hydrogen energy for aviation applications, a reference architecture was intended to reveal the points of connection between assets and the potential sensors that are vulnerable to manipulation in the event of compromised access or communication within a SCADA system. A generalized reference architecture can help stakeholders, engineers, or strategists understand connections, criticalities, and standard practices when it comes to designing and planning for new systems. There are several gaps to account for in assessing the future of hydrogen production, storage, and fueling for aviation. Engaging stakeholders, including aircraft manufacturers, electric utilities, site property owners, and local communities, will inform decision-making around site structure, operations, and resources for future hydrogen fueling infrastructure to understand operational needs and cybersecurity awareness. Cybersecurity mitigation strategy must consider physical attack vectors that emerge with the integration of hydrogen systems into existing airport security requirements. The cybersecurity risk assessment contained in this report is an entry point into potential future granular-level analyses to be conducted as part of hazard and risk assessments for safe aviation hydrogen infrastructure, determining how the scale of hydrogen fuel infrastructure for aviation impacts the volume of cyber attack vectors, and what, if any, are the vulnerabilities associated with different types of on-board hydrogen systems. In this nascent development phase, assessing how best to integrate cybersecurity practices into an evolving U.S. aviation landscape provides critical insights into building increased awareness and stakeholder engagement to support a cyber-resilient infrastructure.