Hydro Review
New Tool to Enhance Hydropower Plant Cybersecurity through AI
By Elizabeth Ingram – 8.29.2024
The saying is: A cyberattacker only needs one win, but a security team needs to win 100% of the time.
A new cybersecurity tool for hydropower plants is being developed at the National Renewable Energy Laboratory (NREL) to achieve a high level of protection. This data-driven and hardware-agnostic tool, known as the Cybersecurity Situational Awareness Tool for Hydropower (CYSAT-Hydro), comes amidst two key trends in the energy sector.
First, there’s a rapid increase in internet-connected distributed energy resources. These can integrate with larger generation sources, like hydroelectric plants, which poses cybersecurity risks for their digital interfaces on the grid. Secondly, notable cyberattacks, such as the May 2021 ransomware attack on the Colonial Pipeline, have highlighted the vulnerabilities within energy systems, costing operators millions and disrupting gas supply for many Americans.
Analyzing the Threat Landscape
Over the past 10 to 15 years, there has been a marked increase in malicious attacks targeting critical infrastructure, such as the power grid. According to Vivek Kumar Singh, a senior cybersecurity researcher at NREL, these threats are often sponsored by nation-states seeking significant impact and monetary gain.
Modernizing the U.S. power grid has been a priority, incorporating new technologies like smart meters and advanced communication systems. Hydropower plants are increasingly part of the smart grid trend, with operators linking small facilities to energy storage systems for reliable power supply.
However, these new technologies also create additional entry points for potential hackers. CYSAT-Hydro is designed to secure these vulnerabilities, actively ensuring the grid’s reliability.
The Need for Enhanced Protection
Cyber threats faced by the grid can be covert and require minimal knowledge to execute. Examples include denial-of-service attacks, which may involve easy access to basic system information. Specific threats targeting hydropower-integrated battery storage systems could encompass both unauthorized tripping of relays and tampering with regulation signals.
The CYSAT-Hydro tool specifically addresses these vectors, using AI to detect unusual activities within the operational technology networks. The system sends real-time alerts about attacks while also providing analytics to help operators restore grid functionality swiftly.
Singh emphasizes the potential financial losses caused by cyberattacks. “If an attack shut down a hydro plant for five hours, it might cost you a huge amount as the operator, affecting flood control and local ecosystems. This tool could help prevent such issues.”
User-Friendly Interface
CYSAT-Hydro features a user-friendly application programming interface compatible across different operating systems. It includes a visualization dashboard for comprehensive monitoring of grid operations, network traffic, and security breaches.
Being open source, CYSAT-Hydro can be easily adopted across various grid technologies and critical infrastructure sectors, such as water and gas pipelines.
As the tool approaches completion, Singh anticipates its adaptability will foster future growth. Plans for field demonstrations and further case studies are in discussion to enhance its effectiveness.
Conclusion
NREL, a national laboratory of the U.S. Department of Energy, is committed to advancing the state of cybersecurity in clean energy systems with initiatives like CYSAT-Hydro. By addressing the increasing threats in the energy domain, this new tool aims to safeguard essential services and promote a more resilient power infrastructure.