March Meeting at National Reliable Energy Laboratory (NREL) | March 16
Fourteen people were fortunate to attend the very interesting ACP chapter meeting at NREL in Golden. Presenting the program was Maurice Martin, Senior Technology Lead with the PSEC Security & Resilience team. The overall commitment was to inform our group on energy grid evolution and attack evolution in this age of cyber vulnerability. Maurice added anecdotes of interest to the group, such as concern about the growing use of electric cars and ways to charge them without stressing the grid.
The Golden facility is NREL’s largest at 182,500 ft. Included is space for approximately 200 staff and research partners, as well as a Petascale High-performance Computer (HPC) and a data center that supports all research at NREL. The labs focus on R&D of integrated energy systems: electricity, windfarm, thermal, fuel, and data infrastructure.
Maurice discussed the impact of having moved to distributed energy generation. The country is faced with unprecedented cybersecurity vulnerabilities, and Maurice discussed the solution, which is a new disruptive approach – systemic security. The goal is to limit the damage that can be done from the start:
The primary limitation to this approach is that legacy end-devices in the field and throughout the supply chain are still vulnerable to tampering because limited authentication is available.
Maurice’s presentation was followed by a tour of the facility.
The Golden facility is NREL’s largest at 182,500 ft. Included is space for approximately 200 staff and research partners, as well as a Petascale High-performance Computer (HPC) and a data center that supports all research at NREL. The labs focus on R&D of integrated energy systems: electricity, windfarm, thermal, fuel, and data infrastructure.
Maurice discussed the impact of having moved to distributed energy generation. The country is faced with unprecedented cybersecurity vulnerabilities, and Maurice discussed the solution, which is a new disruptive approach – systemic security. The goal is to limit the damage that can be done from the start:
- Adhere to cyber hygiene (i.e., sound network design principles and cybersecurity management practices).
- Use third-party, off-the-shelf technologies selectively for in-line blocking and context-based intrusion detection to maximize situational awareness and provide systemic cyber protection.
- Ensure that the strategy is compatible with legacy and modern equipment on Day One so that no upgrades are required to function.
- Ensure that the strategy is modular and scalable.
- Ensure that the strategy does not depend on cyber security controls at the end-device or protocol level.
The primary limitation to this approach is that legacy end-devices in the field and throughout the supply chain are still vulnerable to tampering because limited authentication is available.
Maurice’s presentation was followed by a tour of the facility.