How to Prevent Data Breaches and Protect Energy Infrastructure

Cybersecurity of energy delivery systems is critical for protecting the energy infrastructure and the integral function that it serves worldwide. Energy delivery systems are the backbone of the energy sector and the circuitry that keeps the globe running.

Most early system designs did not anticipate the security threats posed by the integration of advances in computers and communication such as off-the-shelf software and operating systems, public telecommunication networks, and the Internet. Energy delivery systems have become more productive and efficient, but the energy sector is faced with an unprecedented challenge in protecting systems against cyber incidents and threats.

The San Diego Supercomputer Center at the University of California, San Diego, is collaborating with Reston, Va., based Leidos Holdings Inc. to develop a reference system architecture aimed at increasing security levels of microgrid control and IT systems used to manage electrical microgrids worldwide.

Microgrids Growing

Microgrids are small-scale versions of traditional larger power grids that draw energy from clean sources such as the wind and sun, as well as from conventional technology. They can be connected to a larger electric grid, but can also work independently. In addition, microgrids can more efficiently manage real-time demand, supply, and storage of energy at a lower cost and with less pollution than a conventional grid.

During the past decade the use of microgrids has grown significantly, with much of that growth occurring within the last few years. The growth has been driven by concerns about rising fuel costs for macrogrids, as well as macrogrid reliability, due to local community impacts such as loss of power to millions of people caused by natural disasters (e.g. Hurricane Irene in 2011 and Hurricane Sandy in 2012). With the advent of the smart grid, another concern comes from the awareness of cyber threats facing macrogrids.

“Given the importance of these new microgrids, it is important to take a methodical approach to creating a security architecture that can be applied to these systems in a relatively standardized manner,” said Brian Russell, chief engineer for cybersecurity solutions at Leidos.  

 Leidos is among the first companies to champion the integrated application of advanced transmission and distribution technologies for a modernized grid. The ability of a microgrid to help minimize impacts during high energy demand conditions, and the increased focus on renewable and green energy sources, has made microgrids a viable alternative for efficient energy management and distribution. 

According to a Navigant Research report, the total worldwide capacity of distributed generation contained in microgrids will more than quintuple during the next six years, growing from 764 megawatts (MW) in 2012 to about 4,000 MW in 2018, and valued at more than $12.7 billion in potential vendor revenues.

Cybersecurity of Grids

The San Diego Supercomputer Center (SDSC) project will focus on analyzing the cybersecurity aspect of one of the world’s most advanced microgrids, located on the UC San Diego campus. The university saves more than $8 million a year in power costs due to its microgrid operation.

The campus’ microgrid project has also spurred investment: the nearly $4 million that the Energy Commission has invested in the microgrid since 2008 has been leveraged to garner more than $4 million from other funding sources, both public and private.

“Improving security for our sophisticated microgrid is extremely important to us,” said Byron Washom, director of Strategic Energy Initiatives at UC San Diego. “This project will allow us to establish effective baseline security controls that could be applied to microgrids all over the world.”

A well-defined security architecture and best practices to be developed under this project will provide a defense-in-depth approach to securing microgrids, ensuring that threat vectors identified during the threat analysis phase are properly mitigated. This security architecture shall be designed to support the anticipated future growth of the UC San Diego microgrid, as well as microgrids around the world. 

“SDSC will contribute its security experience in dealing with complex supercomputer systems as well as securing sensitive data such as FISMA- and HIPAA-compliant databases, to help raise awareness of security issues facing microgrids,” said Winston Armstrong, SDSC's chief information security officer. “SDSC will also recommend improvements to harden microgrid control systems in general.”

Experts in Cybersecurity

The research work performed by SDSC is being funded by Leidos, which specializes in national security, health, engineering, and cybersecurity solutions that protect the nation's critical infrastructure. The company will not only fund the project but will also provide its expertise developed from its Smart Grid Cybersecurity program. The company helps design and implement the smart grid through a comprehensive and secure transformation of information technology and communications infrastructure.

“Leidos is committed to partnering with top tier research organizations such as UC San Diego and SDSC to improve the state of cybersecurity for our critical infrastructure,” said Julie Taylor, senior vice president for cybersecurity at Leidos. The company’s cybersecurity team employs more than 1,200 experts in cybersecurity and network defense, and has been a leader in the security market for more than 30 years.

As an Organized Research Unit of UC San Diego, SDSC is considered a leader in data-intensive computing and cyberinfrastructure, providing resources, services, and expertise to the national research community, including industry and academia. SDSC supports hundreds of multidisciplinary programs spanning a wide variety of domains.

With its two newest supercomputers, Trestles and Gordon, and a new system called Comet to be deployed in early 2015, SDSC is a partner in XSEDE (Extreme Science and Engineering Discovery Environment), the most advanced collection of integrated digital resources and services in the world.

Leidos (formerly Science Applications International Corp.) is a science and technology solutions leader with $6 billion in revenues last year. Its 23,000 employees support missions to defend the nation's digital and physical infrastructure from 'new world' threats.