Cybersecurity Situational Awareness Tool for Hydropower

NREL researchers are developing a cybersecurity situational awareness tool (CYSAT) designed for hydropower and other distributed energy resource-integrated grid networks.

Ice Harbor Dam in Washington

Using state-of-the-art artificial intelligence, CYSAT detects stealthy cyberattacks early, minimizes evolving cybersecurity risks, analyzes grid performance through technical and economic metrics, and aids grid operators in making informed decisions to enhance the resiliency and security of hydropower plants.

Features

CYSAT features an intelligent alarming system that is hardware-agnostic, supports bump-in-the-wire capability, provides plug-and-play functionality, and is interoperable with existing substation edge devices. It's built on the open-source Python platform, supporting a user-friendly application programming interface, and is compatible with various operating systems, ensuring cost-effectiveness.

The tool leverages the Advanced Research on Integrated Energy Systems Cyber Range and is tested and validated in real time against various cyberattacks and supervisory control and data acquisition-based communication architectures.

CYSAT detects cyberattacks over the wide-area network and provides detailed information about detected cyberattacks to system operators and engineers while analyzing grid performance in real time.

Capabilities

  • Rules-based network intrusion detection system: Detects cyberattacks on supervisory control and data acquisition communication protocols
  • Machine learning-based anomaly detection system: Identifies stealthy cyberattacks in a hydropower-integrated grid network
  • State-driven anomaly mitigation system: Restores grid operation after cyberattacks
  • Technical and economical metrics-based grid assessment: Provides cost-benefit analysis
  • Data management and visualization dashboard: Offers web-based event visualization
  • Containerized solution: Tailored for substation networks

Tool Benefits

  • Advanced threat detection: Enables real-time awareness through cyber and physical monitoring for system owners and operators
  • Utility-based features: Justifies the tool's integration into utility environments with technical and economic benefits
  • Signature-based intrusion detection: Identifies information technology-specific attacks
  • Anomaly detection: Integrates supervised and unsupervised machine learning algorithms for real-time detection of stealthy cyberattacks
  • Real-time visualization dashboard: Provides comprehensive visualization and awareness of grid operations, network traffic, and intrusions

Publications

Anomaly Detection and Mitigation for Dynamic Frequency Regulation in Hydropower-Battery Systems, IEEE Power & Energy Society General Meeting (2024)

Industry Engagement

NREL researchers collaborate with hydropower operators, industry vendors, and stakeholders to facilitate technology transition to the marketplace. They also work closely with the U.S. Department of Energy's Water Power Technologies Office to highlight the value of this cybersecurity tool and accelerate development through public-private partnerships.

Partnerships (Industry Advisors)

Utilities: PJM Interconnection, Berkshire Hathaway Energy

Industry vendors: Waterfall Security, Eaton

Contact

Vivek Kumar Singh

Senior Researcher-IV, Cyber Security and Resilience

Vivekkumar.singh@nrel.gov
515-520-3109

Patrick Schassberger

Cyber Security Researcher I

Patrick.Schassberger@nrel.gov
503-927-3712

Share