NREL develops cybersecurity tool to flag threats to electric grid
The National Renewable Energy Laboratory (NREL) has developed an intrusion visualisation tool, IViz-OT, which can locate and visualise anomalies on the electrical grid that might otherwise go unnoticed.
According to NREL, existing cybersecurity solutions are mostly designed for Information Technology (IT)-based applications and are not directly suitable for Operational Technology (OT)-based networks.
The IViz-OT tool finds threats and interprets cyber and physical events on the grid. It uses grid information and network data to deliver state awareness to system owners and operators. According to NREL, the current market lacks such a technology, one that can provide defence-in-depth visualisation through analytical approaches.
“We identified a market need, built a prototype technical solution and worked with industry to mature it into viable technology,” said Dane Christensen, NREL group manager of cybersecurity science and simulation.
IViz-OT works with the NREL-developed Hybrid Intrusion Detector for Energy Systems (HIDES) to process grid information, detect intrusions and create a log of alerts.
The log generated by HIDES is not necessarily human-readable, so IViz-OT translates the alert log into simple scenarios that operators can easily understand.
“This is a much-needed tool to bridge the valley of death between research-and-development innovations and technology commercialisation,” said Vivek Kumar Singh, an NREL senior cybersecurity researcher who is leading the effort. “IViz-OT is hardware agnostic, scalable through virtualisation, compatible and supports plug-and-play functionality.”
As alerts come in from HIDES, IViz-OT screens cyber and physical data to determine the nature, cause and location of an anomaly. IViz-OT aims to provide a deeper level of intelligence by correlating events over time.
This way, multiple or ongoing events can be recognised and flagged as a wider problem, described by NREL as a meta-analysis that uncovers the true scope and source of issues.
Testing and validation
IViz-OT and HIDES have been tested and validated in the NREL cyber range, where cyber-physical experiments can be customised and visualised.
The cyber range setup mimicked a small distribution system, using hardware and several emulated devices such as an electric vehicle charging equipment meter, a power inverter and site meters.
The cyber range allows engineers to visualise the power and communications flow in 3D to witness how IViz-OT and HIDES would respond to various real attacks. Although further developments are planned, IViz-OT is ready for deployment and available for license.
The tool was developed with support from the US Department of Energy (DOE) Office of Cybersecurity, Energy Security, and Emergency Response and in collaboration with US power management company Eaton.
The work was funded through the Technology Commercialization Fund, a programme within the DOE Office of Technology Transitions.