Beneath the Surface: Anuj Sanghvi’s Journey From Toy Tinkerer to Cybersecurity Defender

A Cybersecurity and Resilience Researcher Recalls How a Childhood Urge To Dismantle His Toys Led to a Career in Defending Clean Energy Data From Cyberattacks

Aug. 14, 2024 | By Tara McMurtry

Anuj Sanghvi had to train himself for a career in research.

Sanghvi, now a National Renewable Energy Laboratory (NREL) cybersecurity researcher and network security engineer, always knew he wanted to work in engineering. He was one of those children—the ones who take toys and electronics apart to play with the circuit boards.

“It fascinated me how great minds thought these things up and put them together,” Sanghvi recalled. “I had to figure out how they did it and how these things worked.”

Sanghvi’s interest in the way things work led him to study electrical and communications engineering in college in his native India and to an early career as a radio frequency engineer for a satellite broadcasting company in Mumbai.

“I loved the concept of telecommunications,” Sanghvi said. “A signal goes from a television company, transmits content all the way up to a satellite in space, and then gets broadcast to a region in the form of entertainment and information.”

Sanghvi wanted to learn more about networks and communication, so he decided to leave India for the United States, where he earned a Master of Science in electrical and network engineering at San Jose State University. After his first year of grad school, Sanghvi began looking for internships where he could get practical experience applying what he was learning in his classes. He found that opportunity as a network and security engineering intern at NREL during summer 2016.

“NREL needed someone who understood both electrical and networking engineering,” Sanghvi explained. “I didn’t know what NREL did, but I knew I had the knowledge they were looking for.”

During the eight-week internship, Sanghvi set up off-the-shelf cybersecurity devices, along with networking equipment like routers and firewalls, at NREL’s cybersecurity testing facilities.

“In that short time, I gained a deeper understanding of renewable energy and the lab’s mission,” Sanghvi said. “At the end of the internship, my manager offered me a full-time position as a cybersecurity researcher. I finished grad school in 2017, took a few months to recharge, and started my full-time job in early 2018. I’ve been here ever since.”

After starting his career as a radio frequency engineer in his native India, Anuj Sanghvi moved to the United States to earn a master’s degree in electrical and network engineering. While completing his degree, he interned at NREL, which led to his current, full-time role as a cybersecurity researcher and network security engineer. Photo by Anuj Sanghvi, NREL

Research, Sanghvi found, required a subtly different mindset than engineering—a mindset he had to train himself to adopt.

“As an engineer, I completed specific tasks, which usually resulted in clear, expected outcomes,” Sanghvi explained. “As a researcher, I investigate new ways of doing things. I might spend months or years testing a hypothesis, and it might not work—which I had to learn to not take personally. But that’s not to say it was a wasted effort, because I learned something. And at NREL, I get support and encouragement, even when a hypothesis doesn’t work out.”

Now, six years into his role at NREL, Sanghvi occasionally encounters confusion about what his job actually entails.

“If I say I research cybersecurity at NREL, people sometimes think that means I protect NREL from people who want to hack in and steal our research,” Sanghvi said. “My job is to study ways that renewable energy asset owners can protect their digital infrastructure from cyber threats.”

As an engineer, Sanghvi often marvels at the feats of engineering that renewable energy technologies like wind turbines and hydropower dams showcase. As a researcher, he recognizes the vulnerabilities of these facilities’ assets and how critical it is to fortify them against attacks.

“Sometimes I feel like I’m no one to say that renewable energy facility installations can be improved, because they were designed by brilliant engineers and some, like hydropower plants, have withstood the test of time,” Sanghvi said. “But many of those facilities were built before the digital age.”

Today, Sanghvi explained, most renewable energy facilities rely on interconnected technologies and digital control systems. This reliance is increasing the complexity of the grid and widening the attack surface, presenting new security questions and new opportunities to implement security and resilience by design.

To address these questions, Sanghvi works to develop strong cybersecurity measures that help maintain a stable, reliable grid and foster confidence in the continued use and growth of renewable energy. He coauthored the U.S. Department of Energy’s (DOE’s) Roadmap for Wind Cyber Security and serves as an organizer of DOE’s Advanced Cybersecurity Technology 1 Prize, which aims to bridge the gap between cybersecurity technical solution providers and under-resourced utility companies.

“Some utilities, especially rural ones, have a staff of maybe five people and limited resources to make cybersecurity upgrades,” Sanghvi said. “This prize will provide funding and technical assistance to help these utilities strengthen their defenses.”

Sanghvi also led recent updates to the Cybersecurity Value-at-Risk Framework (CVF). Developed with funding from DOE’s Water Power Technologies Office, the CVF helps hydropower operators assess their facilities’ cybersecurity risks and select different investments to help improve overall resilience. With these updates, users can now create multiple profiles and facilities within one organization, so they can compare cybersecurity strengths and weaknesses within multiple facilities and make an informed decision at the organizational level.

“I’ve worked on past cybersecurity assessments that were basically a laundry list of measures identified as poorly or insufficiently implemented,” said Sanghvi. “But those assessments were missing a discussion of how difficult or expensive it would be to make improvements to a facility’s cybersecurity practices. The CVF provides that.”

Sanghvi led the development of and recent updates to NREL’s Cybersecurity Value-at-Risk Framework, a tool designed to help hydropower operators assess and address their facilities’ cybersecurity risks. Photo by Anuj Sanghvi, NREL

Beyond his work at NREL, Sanghvi describes himself as a beloved husband and says his wife, a family law paralegal, likes to gently rib him for his highly technical job title.

“My wife will ask me, ‘What did you research today?’” Sanghvi joked. “Then, she enjoys hearing about my work while taking a nap.”

Sanghvi also describes himself as “just a regular Indian dude trying to make a living in the United States.”

“I have several friends and family members who immigrated from India to make a life here,” Sanghvi explained. “It’s not an uncommon journey, but it’s also not easy to leave your home behind, take graduate-level courses, find a job in a tough market, and, on top of all that, try to blend into a new culture. Those challenges knock a lot of people out. It is, I think, an underappreciated journey.”

So, what is the secret to Sanghvi’s success?

“I’m an optimistic, resourceful, passionate guy,” Sanghvi said, “and any of my achievements would not have been possible without the support of my family.”
