- A new public-private security partnership headed by the U.S. Department of Energy aims to accelerate development of zero-trust cyber solutions for clean energy systems, with Berkshire Hathaway Energy and Xcel Energy providing strategic direction from the industry side.
- The accelerator will utilize the National Renewable Energy Lab’s Advanced Research on Integrated Energy Systems (ARIES) platform to simulate how hackers might attack complex energy systems.
- The security accelerator will test new technologies to “make clean energy systems cyber secure from a project’s inception,” U.S. Deputy Secretary of Energy David Turk said at a Wednesday roundtable.
Cyberattacks are getting “much more frequent, sophisticated and dangerous,” Turk said, and defending critical infrastructure like the U.S. power grid will require the efforts of both government and industry.
“We’re not going to be successful on cybersecurity unless it’s a public-private partnership,” Turk said. “Both the government and private sector are bringing unique assets to this partnership to make this make this work.”
The accelerator will use ARIES to test cybersecurity technologies “in a realistic simulation of the grid,” said Turk. The platform simulates system-level security evaluations for bulk power renewables and distributed energy resources.
DOE’s Office of Energy Efficiency and Renewable Energy has invested nearly $40 million in the ARIES platform over the last couple of years, according to DOE Acting Assistant Secretary Kelly Speakes-Backman. The National Renewable Energy Lab’s facility is helping prepare the grid for the addition of electric vehicles, renewable energy generation systems, energy storage, and grid-interactive, efficient building devices, she said.
“It’s a pretty substantial scale-up of experimentation that we have done over the years, being able to directly connect up to 20 MW of equipment on site,” Speakes–Backman said.
DOE has made other cybersecurity investments the accelerator can leverage, though the ARIES platform is “a great starting point,” said Speakes–Backman. The agency will also invest $70 million over the next five years in the Cybersecurity Manufacturing Innovation Institute, to develop a cyber-focused federal institute to help the U.S. achieve efficiency improvements while also bolstering domestic manufacturing.
Those federal investments are important to securely building out clean energy infrastructure, according to Michael Ball, Berkshire Hathaway Energy’s chief information security officer.
The new security accelerator will allow Berkshire Hathaway to test energy solutions “in an environment that mimics what we … have to operate in every day,” said Ball.
The goal is to “build inherent security and resiliency into the systems,” Ball said. “We appreciate the opportunities to partner with government to harness some of the investments that … are giving us a platform by which we can achieve those very things.”
The accelerator allows for “huge economies of scale” as utilities tackle security challenges inherent in a changing grid, said Xcel Energy Chief Security and Privacy Officer James Sample. “This is bigger than any one utility. And as we all know, we’re interconnected, we have to work together.”
Zero-trust security essentially means devices do not trust one another by default, and Sample said there are fundamental issues that come with integrating legacy devices into a modern, distributed grid utilizing a zero-trust approach. Existing devices “really aren’t built to be zero-trust,” he said. “They’re built to trust each other. That’s what the control systems do.”
This means you can’t retrofit existing infrastructure to be zero-trust, said Sample. “We’ve got to fundamentally redesign the way that the assets work.”