The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

Publication

Module-OT: A Hardware Security Module for Operational Technology

image credit: Danish Saleem
Danish Saleem's picture
Senior Cybersecurity Systems Researcher National Renewable Energy Laboratory

Danish Saleem serves as DER Cybersecurity Standards Lead in the Energy Security and Resilience (ESR) center of National Renewable Energy Lab (NREL). He works with the public and private sector to...

  • Member since 2019
  • 9 items added with 5,951 views
  • Mar 17, 2020
  • 1313 views

Access Publication

I’d like to share with the Energy Central community a conference paper on hardware security for operational technology in the utility sector. I presented this paper at Texas Power and Energy Conference (TPEC) in February 2020 and it has received the best paper award. 

 

Below is the abstract, and please click the attached resource to read the full paper:

Abstract: Increased penetration levels of renewable energy and other types of distributed energy resources (DERs) on the modern electric grid—combined with technological advancements for electric system monitoring and control—introduce new cyberattack vectors and increase the cyberattack surface of energy systems. According to the IEEE Std. 1547-2018, DERs must use Modbus, Distributed Network Protocol 3 (DNP3), or Smart Energy Profile 2.0 (SEP2) as their communication protocol. Previous research identified several vulnerabilities and security breaches in each one of these communication protocols; despite this, existing standards for DERs do not recommend cybersecurity measures. In order to reduce vulnerabilities in power distribution systems, this paper presents a novel open-source hardware security module that improves both information and operational security to better protect data and communications on the distribution grid. The security hardware is called “module for operational technology,” or simply Module-OT, and it has been validated and tested in an emulated distribution system application. Module-OT is integrated within a communication system in the transport layer of the Open Systems Interconnection (OSI) model. It improves system security through encryption, authentication, authorization, certificate management, and user access control. The main advancement of Module-OT is the addition of hardware encryption acceleration that improves the overall communication performance in terms of end-to-end latency.

Danish Saleem's picture
Thank Danish for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Matt Chester's picture
Matt Chester on Mar 17, 2020

Really interesting-- thanks for sharing, Danish.

On a broad level, how would you rate the security preparedness of the average utility? With papers like yours, do you think the industry is still having to play catchup more than they should have to?

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »