U.S. Department of Energy
Office of Scientific and Technical Information

DER Cybersecurity Detection and Response Suite

Software ·
DOI: https://doi.org/10.11578/dc.20250515.1 · OSTI ID: code-155632 · Code ID: 155632
 [1];  [1];  [1]
  1. Sandia National Lab. (SNL-CA), Livermore, CA (United States); Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Sandia National Laboratories (SNL), Albuquerque, NM, and Livermore, CA (United States)

SAND2024-08475O

The Distributed Energy Resource (DER) Cybersecurity Detection and Response Suite is a detection-and-response solution for DER systems. The DER Security Orchestration, Automation, and Response (SOAR) application consumes alerts from signature- and behavior-based intrusion detection systems (IDSs) that are intended to be deployed as bump-in-the-wire (BITW) devices in front of DER equipment. A fielded deployment would use multiple IDSs reporting to the SOAR, which responds to cyberattacks. The suite consists of two software components:

• The Proactive Intrusion Detection and Mitigation System (PIDMS) secures grid-edge photovoltaic smart inverters and other DER equipment. It is a distributed BITW solution: cyber and physical data are processed automatically with network inspection tools and custom machine learning algorithms to detect abnormal events and correlate cyber-physical events.

• The Security Orchestration, Automation, and Response for Distributed Energy Resources (SOAR4DER) application ingests data from several IDSs to block attacks quickly and revert DER systems to known-good states. Using a collection of IDS technologies on a BITW device, it combines physical and cyber data to detect abnormal and potentially malicious behavior; multiple SOAR playbooks then act on the IDS data streams to defend the system automatically.

SOAR4DER system testing showed detection and response times under 30 seconds for all adversary reconnaissance, denial-of-service attacks, malicious Modbus commands, brute-force logins, and machine-in-the-middle attacks.

Sandia National Laboratories is a multimission laboratory managed and operated by National Technology & Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy's National Nuclear Security Administration under contract DE-NA0003525.
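The abstract describes the SOAR4DER pattern in prose only: IDS alerts arrive from a BITW device, playbooks decide on a response, and the response either blocks the attacker or reverts the DER to a known-good state. The following is an added, self-contained example of that pattern written for this page; it is not SOAR4DER or PIDMS code (both are closed source, so nothing here reflects their internals). The JSON-lines alert format, the field names, the register numbers, the allowlisted writer, and the thresholds are all assumptions chosen for the example, and the alert stream is constructed. It covers three of the attack classes named above (reconnaissance and machine-in-the-middle as block-on-sight, brute-force logins as a sliding-window count, and malicious Modbus writes as an allowlist check with a revert of the last known-good setpoint).

```python
"""Playbook runner over BITW IDS alerts for a DER inverter (added example,
not SOAR4DER/PIDMS code). Alert schema, thresholds and registers are assumed."""
from collections import defaultdict, deque
from dataclasses import dataclass
import json

# Constructed sample alert stream (JSON lines), in the shape an IDS on a BITW
# device might forward to a SOAR. 10.0.0.20 is the inverter; 10.0.0.5 is the
# one host allowed to write setpoints. All addresses and registers are assumed.
SAMPLE_ALERTS = "\n".join([
    '{"ts": 0.0, "src": "10.0.0.5", "dst": "10.0.0.20", "kind": "modbus_write", "func": 6, "reg": 40010, "value": 100}',
    '{"ts": 5.0, "src": "10.0.0.99", "dst": "10.0.0.20", "kind": "recon", "ports": 64}',
    '{"ts": 10.0, "src": "10.0.0.77", "dst": "10.0.0.20", "kind": "auth_fail", "user": "admin"}',
    '{"ts": 11.0, "src": "10.0.0.77", "dst": "10.0.0.20", "kind": "auth_fail", "user": "admin"}',
    '{"ts": 12.0, "src": "10.0.0.77", "dst": "10.0.0.20", "kind": "auth_fail", "user": "admin"}',
    '{"ts": 13.0, "src": "10.0.0.77", "dst": "10.0.0.20", "kind": "auth_fail", "user": "admin"}',
    '{"ts": 14.0, "src": "10.0.0.77", "dst": "10.0.0.20", "kind": "auth_fail", "user": "admin"}',
    '{"ts": 20.0, "src": "10.0.0.88", "dst": "10.0.0.20", "kind": "modbus_write", "func": 6, "reg": 40010, "value": 0}',
    '{"ts": 21.0, "src": "10.0.0.88", "dst": "10.0.0.20", "kind": "modbus_write", "func": 6, "reg": 40011, "value": 1}',
    '{"ts": 30.0, "src": "10.0.0.66", "dst": "10.0.0.20", "kind": "mitm", "detail": "ARP reply spoofing gateway"}',
])


@dataclass(frozen=True)
class Response:
    ts: float
    action: str   # block_source | revert_register | alert_only
    target: str   # IP to block, or "reg=<n>" for a revert
    reason: str


class DerPlaybooks:
    """Stateful playbooks: each alert may yield zero or more responses."""

    def __init__(self, allowed_writers, protected_regs, fail_threshold=5, window_s=60.0):
        self.allowed_writers = set(allowed_writers)
        self.protected_regs = set(protected_regs)
        self.fail_threshold = fail_threshold
        self.window_s = window_s
        self.fails = defaultdict(deque)   # src -> recent auth-failure timestamps
        self.last_good = {}               # reg -> last value written by an allowed source
        self.blocked = set()              # sources already contained at the BITW

    def handle(self, a: dict) -> list:
        if a["src"] in self.blocked:
            return []                     # already blocked; nothing more to do
        kind = a["kind"]
        if kind == "modbus_write":
            return self._modbus(a)
        if kind == "auth_fail":
            return self._brute_force(a)
        if kind in ("recon", "mitm"):
            return [self._block(a, f"{kind} alert")]
        return [Response(a["ts"], "alert_only", a["src"], f"unhandled kind {kind}")]

    def _block(self, a, reason):
        self.blocked.add(a["src"])
        return Response(a["ts"], "block_source", a["src"], reason)

    def _modbus(self, a):
        # Only register writes (function codes 6 / 16) can change a setpoint.
        if a.get("func") not in (6, 16):
            return []
        if a["src"] in self.allowed_writers:
            self.last_good[a["reg"]] = a["value"]   # learn the known-good state
            return []
        out = [self._block(a, "Modbus write from unauthorized source")]
        # Revert only when a protected register has a recorded known-good value.
        if a["reg"] in self.protected_regs and a["reg"] in self.last_good:
            out.append(Response(a["ts"], "revert_register", f"reg={a['reg']}",
                                f"restore {self.last_good[a['reg']]}"))
        return out

    def _brute_force(self, a):
        q = self.fails[a["src"]]
        q.append(a["ts"])
        while q and a["ts"] - q[0] > self.window_s:   # drop failures outside the window
            q.popleft()
        if len(q) >= self.fail_threshold:
            q.clear()
            return [self._block(a, f"{self.fail_threshold} failed logins in {self.window_s:.0f}s")]
        return []


def run(alert_lines: str, playbooks: DerPlaybooks) -> list:
    return [r for line in alert_lines.splitlines() if line.strip()
            for r in playbooks.handle(json.loads(line))]


def demo() -> list:
    pb = DerPlaybooks(allowed_writers=["10.0.0.5"], protected_regs=[40010])
    return run(SAMPLE_ALERTS, pb)


if __name__ == "__main__":
    for r in demo():
        print(f"t={r.ts:5.1f} {r.action:16s} {r.target:12s} {r.reason}")
```

Two design points carry over to a real deployment. The revert action is only safe because the known-good value was learned from an authenticated, allowlisted writer; learning it from arbitrary traffic would let an attacker poison the "good" state before the attack. And the blocked-source short-circuit at the top of `handle` is what keeps response cost bounded under a flood of alerts from one source, which matters for the sub-30-second response figure the abstract reports.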

Project Type:
Closed Source
Site Accession Number:
SCR #2842.0
Software Type:
Scientific
Programming Language(s):
Python, Bash
Research Organization:
Sandia National Laboratories (SNL-NM), Albuquerque, NM (United States)
Sponsoring Organization:
USDOE

Primary Award/Contract Number:
NA0003525
DOE Contract Number:
NA0003525
Code ID:
155632
OSTI ID:
code-155632
Country of Origin:
United States

Similar Records

Securing Inverter Communication: Proactive Intrusion Detection and Mitigation System to Tap, Analyze, and Act
Technical Report · Mon Feb 28 23:00:00 EST 2022 · OSTI ID:1861984

Programmable intrusion detection for distributed energy resources in cyber–physical networked microgrids
Journal Article · Tue Nov 02 00:00:00 EDT 2021 · Applied Energy · OSTI ID:1960142
