Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment

Mccarty, Michael; Johnson, Jay; Richardson, Bryan; Rieger, Craig; Cooley, Rafer; Gentle, Jake; Rothwell, Bradley; Phillips, Tyler; Novak, Beverly; Culler, Megan; Wright, Brian

doi:10.1109/ACCESS.2023.3244778

Title: Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment

Abstract

Sandia National Laboratories and Idaho National Laboratory deployed state-of-the-art cybersecurity technologies within a virtualized, cyber-physical wind energy site to demonstrate their impact on security and resilience. This work was designed to better quantify cost-benefit tradeoffs and risk reductions when layering different security technologies on wind energy operational technology networks. Standardized step-by-step attack scenarios were drafted for adversaries with remote and local access to the wind network. Then, the team investigated the impact of encryption, access control, intrusion detection, security information and event management, and security, orchestration, automation, and response (SOAR) tools on multiple metrics, including physical impacts to the power system and termination of the adversary kill chain. We found, once programmed, the intrusion detection systems could detect attacks and the SOAR system was able to effectively and autonomously quarantine the adversary, prior to power system impacts. Cyber and physical metrics indicated network and endpoint visibility were essential to provide human defenders situational awareness to maintain system resilience. Certain hardening technologies, like encryption, reduced adversary access, but recognition and response were also critical to maintain wind site operations. Lastly, a cost-benefit analysis was performed to estimate payback periods for deploying cybersecurity technologies based on projected breach costs.

Authors:

^[1];

^[2];

^[3];

^[1]; Cooley, Rafer ^[1]; Gentle, Jake ^[1]; Rothwell, Bradley ^[1]; Phillips, Tyler ^[1]; Novak, Beverly ^[1]; Culler, Megan ^[1]; Wright, Brian ^[2]

Idaho National Laboratory, Idaho Falls, ID, USA
Sandia National Laboratories, Albuquerque, NM, USA
DNK Consulting, Albuquerque, NM, USA

Publication Date:: Sun Jan 01 00:00:00 EST 2023

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States); Idaho National Laboratory (INL), Idaho Falls, ID (United States)

Sponsoring Org.:: USDOE Office of Energy Efficiency and Renewable Energy (EERE), Renewable Power Office. Wind Energy Technologies Office; USDOE National Nuclear Security Administration (NNSA)

OSTI Identifier:: 1924575

Alternate Identifier(s):: OSTI ID: 1957857; OSTI ID: 2311621

Report Number(s):: SAND-2023-12642J
Journal ID: ISSN 2169-3536; 10043706

Grant/Contract Number:: NA0003525; AC07-05ID14517

Resource Type:: Published Article

Journal Name:: IEEE Access

Additional Journal Information:: Journal Name: IEEE Access Journal Volume: 11; Journal ID: ISSN 2169-3536

Publisher:: Institute of Electrical and Electronics Engineers

Country of Publication:: United States

Language:: English

Subject:: 17 WIND ENERGY; 97 MATHEMATICS AND COMPUTING; wind turbine generation; cybersecurity; cyber-resilience; co-simulation; cyber-physical systems

Citation Formats


                    Mccarty, Michael, Johnson, Jay, Richardson, Bryan, Rieger, Craig, Cooley, Rafer, Gentle, Jake, Rothwell, Bradley, Phillips, Tyler, Novak, Beverly, Culler, Megan, and Wright, Brian. Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment.  United States: N. p., 2023. 
Web.  doi:10.1109/ACCESS.2023.3244778.

Copy to clipboard


                    Mccarty, Michael, Johnson, Jay, Richardson, Bryan, Rieger, Craig, Cooley, Rafer, Gentle, Jake, Rothwell, Bradley, Phillips, Tyler, Novak, Beverly, Culler, Megan, & Wright, Brian. Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment.  United States.  https://doi.org/10.1109/ACCESS.2023.3244778

Copy to clipboard


                    Mccarty, Michael, Johnson, Jay, Richardson, Bryan, Rieger, Craig, Cooley, Rafer, Gentle, Jake, Rothwell, Bradley, Phillips, Tyler, Novak, Beverly, Culler, Megan, and Wright, Brian. Sun .  
"Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment".  United States.  https://doi.org/10.1109/ACCESS.2023.3244778.

Copy to clipboard


                    
@article{osti_1924575,

  title        = {Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment},

  author       = {Mccarty, Michael and Johnson, Jay and Richardson, Bryan and Rieger, Craig and Cooley, Rafer and Gentle, Jake and Rothwell, Bradley and Phillips, Tyler and Novak, Beverly and Culler, Megan and Wright, Brian},

  abstractNote = {Sandia National Laboratories and Idaho National Laboratory deployed state-of-the-art cybersecurity technologies within a virtualized, cyber-physical wind energy site to demonstrate their impact on security and resilience. This work was designed to better quantify cost-benefit tradeoffs and risk reductions when layering different security technologies on wind energy operational technology networks. Standardized step-by-step attack scenarios were drafted for adversaries with remote and local access to the wind network. Then, the team investigated the impact of encryption, access control, intrusion detection, security information and event management, and security, orchestration, automation, and response (SOAR) tools on multiple metrics, including physical impacts to the power system and termination of the adversary kill chain. We found, once programmed, the intrusion detection systems could detect attacks and the SOAR system was able to effectively and autonomously quarantine the adversary, prior to power system impacts. Cyber and physical metrics indicated network and endpoint visibility were essential to provide human defenders situational awareness to maintain system resilience. Certain hardening technologies, like encryption, reduced adversary access, but recognition and response were also critical to maintain wind site operations. Lastly, a cost-benefit analysis was performed to estimate payback periods for deploying cybersecurity technologies based on projected breach costs.},

  doi          = {10.1109/ACCESS.2023.3244778},

  journal      = {IEEE Access},

  number       = ,

  volume       = 11,

  place        = {United States},

  year         = {Sun Jan 01 00:00:00 EST 2023},

  month        = {Sun Jan 01 00:00:00 EST 2023}

}

Copy to clipboard

Journal Article:

Free Publicly Available Full Text

Publisher's Version of Record
https://doi.org/10.1109/ACCESS.2023.3244778

Other availability

Search WorldCat to find libraries that may hold this journal

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Cyber Security Metrics for Performance Measurement in E-Business
conference, December 2018

Geleta, Rabira
2018 International Conference on Smart Systems and Inventive Technology (ICSSIT)
DOI: 10.1109/ICSSIT.2018.8748525

Wind farm security: attack surface, targets, scenarios and mitigation
journal, June 2017

Staggs, Jason; Ferlemann, David; Shenoi, Sujeet
International Journal of Critical Infrastructure Protection, Vol. 17
DOI: 10.1016/j.ijcip.2017.03.001

Power system protection and resilient metrics
conference, August 2015

Eshghi, Kamshad; Johnson, Brian K.; Rieger, Craig G.
2015 Resilience Week (RWS)
DOI: 10.1109/RWEEK.2015.7287448

Grid Structural Characteristics as Validation Criteria for Synthetic Networks
journal, July 2017

Birchfield, Adam B.; Xu, Ti; Gegner, Kathleen M.
IEEE Transactions on Power Systems, Vol. 32, Issue 4
DOI: 10.1109/TPWRS.2016.2616385

Cyber intrusion of wind farm SCADA system and its impact analysis
conference, March 2011

Yan, Jie; Liu, Chen-Ching; Govindarasu, Manimaran
2011 IEEE/PES Power Systems Conference and Exposition (PSCE)
DOI: 10.1109/PSCE.2011.5772593

Cyberattack to Cyber-Physical Model of Wind Farm SCADA
conference, October 2018

Zabetian-Hosseini, Asal; Mehrizi-Sani, Ali; Liu, Chen-Ching
IECON 2018 - 44th Annual Conference of the IEEE Industrial Electronics Society
DOI: 10.1109/IECON.2018.8591200

An Operational Resilience Metric for Modern Power Distribution Systems
conference, December 2020

Phillips, Tyler; McJunkin, Timothy; Rieger, Craig
2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)
DOI: 10.1109/QRS-C51114.2020.00065

Synchrophasors-based Master State Awareness Estimator for Cybersecurity in Distribution Grid: Testbed Implementation & Field Demonstration
conference, April 2022

Alanzi, Mataz; Challa, Hari; Beleed, Hussain
2022 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT)
DOI: 10.1109/ISGT50606.2022.9913073

Statistical Considerations in the Creation of Realistic Synthetic Power Grids for Geomagnetic Disturbance Studies
journal, January 2016

Birchfield, Adam B.; Gegner, Kathleen M.; Xu, Ti
IEEE Transactions on Power Systems
DOI: 10.1109/TPWRS.2016.2586460

Resilient control systems Practical metrics basis for defining mission impact
conference, August 2014

Rieger, Craig G.
2014 7th International Symposium on Resilient Control Systems (ISRCS)
DOI: 10.1109/ISRCS.2014.6900108

Similar Records in DOE PAGES and OSTI.GOV collections:

Autonomous System Inference, Trojan, and Adversarial Reprogramming Attack and Defense (Final)

Technical Report Spirito, Christopher M. ; Lamb, Patience

In the world of ever-advancing technology, Autonomous Systems (AS) find extensive application, bolstering functionalities of critical infrastructures such as nuclear power plants. These systems, however, are increasingly becoming a target for nefarious activities, namely through inference attacks, trojan attacks, and adversarial reprogramming. This paper delves into a comprehensive exploration of machine learning (ML)-driven autonomous control systems within advanced nuclear reactor designs, revealing the vulnerabilities and proposing strategies for defense against potential cyber-attacks. Advanced cyber-attacks against critical infrastructure and the energy sector are becoming more common. With the invention of autonomous control systems (ACS) within advanced nuclear reactor designs, system designers,more »« less
https://doi.org/10.2172/2331437

Full Text Available
Cybersecurity Assessments on Emulated DER Communication Networks

Technical Report Onunkwo, Ifeoma ; Wright, Brian J. ; Cordeiro, Patricia G. ; ...

An increasing number of public utility commissions are adopting Distributed Energy Resource (DER) interconnection standards which require photovoltaic (PV) inverters, energy storage systems, and other DER to include interoperable grid-support functionality. The recently updated national standard, IEEE 1547-2018, requires all DER to include a Sun Spec Modbus, IEEE 2030.5, or IEEE 1815 communication interface in order to provide local and bulk power system services. Those communication protocols and associated information models will ensure system interoperability for PV and storage systems, but these new utility-to-DER communication networks must be deployed with sufficient cybersecurity to protect the U.S. power system and othermore »« less
https://doi.org/10.2172/1761846

Full Text Available
Attack-resilient algorithms and testbed federation for wide-area protection and control in smart grid

Other Singh, Vivek Kumar

Today’s energy infrastructure is undergoing a massive transformation across all generation, transmission, and distribution systems to provide reliability, efficiency, and sustainability to the power system network. During the past 10 years, there has been a remarkable enhancement in developing close-loop wide-area protection and control (WAPAC) applications, such as automatic generation control (AGC), wide-area protection scheme (WAPS), synchrophasor-based wide-area voltage control system (WAVCS), etc., in the energy management system (EMS) to provide an adequate situational awareness to control center operators during physical disturbances and natural events. The rapid digitalization, unencrypted communication, and numerous data-sharing devices have increased digital access points thatmore »« less
Countering Cyber Sabotage: Introducing Consequence-Driven Cyber-Informed Engineering (CCE)

Book Bochman, Andrew A ; Freeman, Sarah G

Preface The situation we find ourselves in today in the realm of cybersecurity is not much different than the one the software world was in in 1994, except that without a significant shift in strategy, the consequences for citizens and civilizations are likely to be much more dire. Prior to the release of the first edition of The Capability Maturity Model: Guidelines for Improving the Software Process by Carnegie Mellon’s Software Engineering Institute (SEI) just as the personal computer era was getting underway circa 1994, the world of software development was, to be generous, a complete goat rope . Scopingmore »« less
https://doi.org/10.4324/9780367491161

Full Text Available
Cybersecurity for Distance Relay Protection

Technical Report McDermott, Thomas E. ; Doty, Jeffrey D. ; O'Brien, James G. ; ...

This project is a DOE follow-up effort on the CREDC workshop held on September 13, 2018 in Cambridge, MA to discuss cybersecurity of distance relays, which considered the benefits, vulnerabilities and risk mitigations for the use of communication systems in power system protection. The objectives of this project are to define the taxonomy of relay protection and associated communications; define use cases describing approaches to reduce the cyber-attack surface on those protective relays; and evaluate the loss of operational functional capability from changes to communication coverage. Mitigating controls will also be evaluated to understand if there are other approaches tomore »« less
https://doi.org/10.2172/1602545

Full Text Available

Similar Records

Title: Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment

Abstract

Citation Formats

Cyber Security Metrics for Performance Measurement in E-Business conference, December 2018

Wind farm security: attack surface, targets, scenarios and mitigation journal, June 2017

Power system protection and resilient metrics conference, August 2015

Grid Structural Characteristics as Validation Criteria for Synthetic Networks journal, July 2017

Cyber intrusion of wind farm SCADA system and its impact analysis conference, March 2011

Cyberattack to Cyber-Physical Model of Wind Farm SCADA conference, October 2018

An Operational Resilience Metric for Modern Power Distribution Systems conference, December 2020

Synchrophasors-based Master State Awareness Estimator for Cybersecurity in Distribution Grid: Testbed Implementation & Field Demonstration conference, April 2022

Statistical Considerations in the Creation of Realistic Synthetic Power Grids for Geomagnetic Disturbance Studies journal, January 2016

Resilient control systems Practical metrics basis for defining mission impact conference, August 2014

Cyber Security Metrics for Performance Measurement in E-Business
conference, December 2018

Wind farm security: attack surface, targets, scenarios and mitigation
journal, June 2017

Power system protection and resilient metrics
conference, August 2015

Grid Structural Characteristics as Validation Criteria for Synthetic Networks
journal, July 2017

Cyber intrusion of wind farm SCADA system and its impact analysis
conference, March 2011

Cyberattack to Cyber-Physical Model of Wind Farm SCADA
conference, October 2018

An Operational Resilience Metric for Modern Power Distribution Systems
conference, December 2020

Synchrophasors-based Master State Awareness Estimator for Cybersecurity in Distribution Grid: Testbed Implementation & Field Demonstration
conference, April 2022

Statistical Considerations in the Creation of Realistic Synthetic Power Grids for Geomagnetic Disturbance Studies
journal, January 2016

Resilient control systems Practical metrics basis for defining mission impact
conference, August 2014