Radiflow Takes Part in Developing OT Security Methodologies for DER (Distributed Energy Resources) Power Grids

The power grid – the network of wires, transformer substations, controllers and computers that bring electricity from point A to Point B – has changed in recent years, primarily due to opening up the energy marketplace to independent wind or photovoltaic plant operators (or even households with excess photovoltaic generation capacity). In many locales, the power grid has already transformed from a centralized spokes-and-hub model (from powerplant to users) to a decentralized DER (distributed energy resources) model.

To accommodate this transformation, power grids require access (via public communication networks) to a huge array of IIoT (Industrial Internet of things) devices, to regulate the energy flow from edge-generation points based on operational needs, and to manage transactional operations.

Unfortunately, the transition to a DER supply model dramatically increases the attack surface of power grid operators, adding to the existing OT cyber-security challenges the power industry has to deal with.

This development compelled NIST’s NCCoE to develop a new set of guidelines focusing on IIoT security for DERs (NIST Special Publication 1800-32). Radiflow has worked with NIST on multiple projects developing tools and best practice methodologies in OT cyber-security and risk management. For this project, Securing Distributed Energy Resources, Radiflow worked with the NCCoE and a collaboration of technology vendors and SME’s from NIST and MITRE  to develop and test  a comprehensive cybersecurity solution to protect DER.

[inject id=’code-47fd23f73a9caecab1e206306adae7f9′]

The challenges posed by DER grids

DERs introduce two main security challenges:

• DERs often operate IIoT devices that lack the level of communication security offered by traditional utility systems.
• The multitude of small, limited-capacity power suppliers in DERs, who (by nature of wind or solar) offer only periodically, means that the entire network is more dynamic due to supply fluctuations. The constant, real-time supply and transmission changes require a higher degree of ICS automation, which in itself introduces cybersecurity risks.

Scope of the NCCoE project

The NCCoE’s declared goal for the project (in which Radiflow is an active participant) is “to improve the overall cybersecurity of IIoT devices in a DER environment” through ensuring information exchange authenticity between distribution controls centers and DERs; malware prevention, detection, and mitigation; and providing trusted identification of DER devices and control systems.  By accelerating dissemination and use of these integrated tools and technologies for protecting DERs, the NCCoE will enhance trust in U.S. information technology (IT) and operational technology (OT) communications, data, and storage systems; and reduce risk for companies and individuals using IT/OT systems;

On the outcome/benefits side, NCCoE specifies the business benefits of the project:

• Instilling risk-based approach toward protecting DERs, that’s based on industry standards and best practices
• Ensuring the integrity of transactions through protecting and monitoring IIoT communications for potential malware infections
• Behavioral monitoring to detect deviations from operational norms
• Analysis and visualization processes to monitor data, identify anomalies, and alert operators
• Improving grid reliability through protecting DERs against cyberattacks
• Ensuring continuous control over DERs by distribution operators in the event of an attack
• Ensuring the generation of records of commanded actions across all DERs

Radiflow’s alignment with the project’s goals

One of the tenets of the NCCoE’s project is instilling a proactive risk-based approach to securing distributed grids.  This allows grid owners and DER operators to optimize their OT security expenditure based on each DER’s ICS network’s individual characteristics and each owner’s preferences.

Radiflow has championed the transition to risk-based OT security, represented by its flagship CIARA industrial risk assessment and management platform. For its risk analyses, CIARA performs numerous breach and attack simulations uses thousands of data points related to the network and its threat environment, including:

• Threat intelligence information for attackers/attack tactics, derived from threat-intelligence (TI) sources
• Network and device characteristics: device vulnerabilities, network topology, zones/business units and the security requirements for each (derived from the Radiflow-generated digital image of the DER network), the locale the DER operates in and more
• Current protections installed on the network
• The impact of an attack on each and every business unit

The results of the analysis are used for decision-maker reports as well as for drafting a hardening plan that prioritizes mitigation measures by their contribution to advancing the network owner’s security goals (CIARA enables specifying own criteria for network security optimization, e.g. reducing overall risk, hardening critical operations or improving compliance with standards.)

Beyond risk management, Radiflow provides a comprehensive array of solutions for threat and anomaly detection, network visualization (in the form of a down-drillable network map) and rules-based management of inter- and intra-network communications, all tightly aligned by the goals of the NCCoE project.