Cybersecurity; security services

Global technology company ViaSat this week certified US Department of Energy’s National Renewable Energy Laboratory (NREL) distribution grid management system test bed.NREL is using the system to develop an end-to-end cybersecurity architecture for smart grid applications.

Apart from developing the cybersecurity solution, NREL is conducting research on technologies for increased integration of renewable energy and other distributed energy resources onto transmission, distribution and end-user grid levels.

In a statement, ViaSat said it has successfully completed a vulnerability assessment, penetration testing and secure network implementation of NREL’s test bed.

Apart from testing the system, ViaSat said it improved and hardened the cybersecurity of the system through stringent penetration tests.

ViaSat claims the improvements increased the overall security posture of the DGM 2.0 network for it to withstand multiple exploits through successive layers of security, keeping the critical energy control system assets protected.

Jerry Goodwin, chief operating officer, Government Systems Division, at ViaSa,t said: "The introduction of new technologies like smart meters and renewable energy resources requires the energy grid to move from a centralised architecture to one that is highly distributed, ultimately creating new security vulnerabilities."

Dr. Erfan Ibrahim, director of the Cyber Physical Systems Security and Resilience Center, under NREL's Energy Systems Integration Directorate, also commented:  "Individual energy utilities can use the empirically validated cybersecurity specifications developed through this partnership to improve distribution system resiliency and better protect against internal and external cybersecurity threats of any level of severity."

Cybersecurity in the US

The development comes after a new security solution, introduced by Intel, to secure both legacy and new critical infrastructure, was last year tested at Texas Tech University.

The Intel Security Critical Infrastructure Protection (CIP), a joint development by Intel Security and Wind River, provider of embedded system software, created the security platform to minimize the risk of cyber-attacks compromising power grid infrastructure.

[quote] The Intel Security CIP works by “separating the security management functions of the platform from the operation applications, allowing the operational layer to be robustly secured, monitored and managed,” according to a statement.

Milton Holloway, president and COO of the Center for the Commercialization of Electric Technologies in Texas, said: “From December 2013 to January 2015, the Intel Security CIP was in a field at Texas Tech University, where its performed as required by NIST standards and withstood penetration testing, as well as protected the synchrophasor applications during the Heartbleed vulnerablility and Havex attacks.”

The easy-to-deploy platform can be retrofitted onto existing infrastructure with minimal changes to business process or application software. The Intel Security CIP includes key protection features such as device identity, malware protection, data protection and resiliency – compatible with the growing M2M applications found in enabling a smarter grid today.

Lorie Wigle, vice president of Internet of Things Security Solutions for Intel Security said: “The risk of cyberattacks on critical infrastructure is no longer theoretical, but building security into the grid is challenging due to the amount of legacy infrastructure and the importance of availability of service.