Researchers fight cyber threats at aging US hydropower system

Washington generates more hydroelectricity than any other state, so it is fitting that research to protect the critical infrastructure responsible for generating this power is happening right here in the Tri-Cities, at the Department of Energy’s Pacific Northwest National Laboratory.

Researchers at PNNL are combining their knowledge of the hydropower system and expertise in cybersecurity to secure the operational technology of the nation’s hydropower fleet.

Their work to protect these facilities helps ensure the continued generation of affordable electricity that powers our homes and factories.

It also safeguards a key source of dispatchable power—generation that can be ramped up and down as needed to balance supply and demand—that enhances grid reliability and resilience.

The federally managed hydropower projects have an average age of about 65 years, so researchers tasked with protecting them must bridge the past to the future.

Efforts to adapt aging systems to thwart today’s constantly evolving cyber threats include developing a suite of cybersecurity tools, an operational training model and a monitoring system.

To make it easier for operators who may need to respond to and recover from a cyber incident, researchers assembled and integrated guidance from several agencies and created a cyber-physical framework and roadmap for the nation’s entire fleet. They also prepared and shared a step-by-step desk guide for navigating a cyberattack.

Fundamental to this work was an assessment of the connections and interactions among the cyber and physical components at hydropower facilities of all kinds.

By studying a representative sample of plants with a wide range of ages and uses, researchers found that they could be binned into just nine distinct cyber-physical configurations. This allows operators to more easily identify shared risks and potential mitigations.

In a separate effort to train cybersecurity professionals working on critical infrastructure, PNNL researchers developed a series of test platforms. These platforms, known as skids, are scaled-down, functional models that enable realistic exercises without putting real infrastructure at risk.

Examples of PNNL-developed skids include models of a water treatment facility, the Class 1 freight rail network and a hydropower plant. Each can be “attacked” by cyber means to explore vulnerabilities and mitigation strategies.

The hydropower skid and associated training scenarios were designed with input from regional hydropower plant operators, including Spokane-based Avista Corporation and Grant County Public Utility District.

Complete with wicket gates, turbines and other components needed to generate power, as well as small, representative industrial control systems, the skid allows operators to see the effects of unauthorized cyber access and learn how to manage the risk.

Trainees can watch water levels above and below the miniature dam as the control systems undergo a simulated cyberattack. They can monitor relays in the substation that might trip, watch for flooding or erosion and see how the power grid responds. They also get a firsthand look at how their simulated responses impact the system.

PNNL’s support in protecting hydropower plants also extends to an award-winning technology called SerialTap. This palm-sized device serves as a data collector, allowing modern network cybersecurity tools to monitor dispersed serial communication devices and legacy industrial control systems.

SerialTap makes it possible to detect cyberattacks and network anomalies so that analysts and operators can respond more quickly and effectively.

The technology will be tested by a commercial partner whose affiliate companies own and operate 85 hydroelectric facilities in the United States.

As the complexity and connectedness of the critical infrastructure we depend on for a strong economy increase, so does the risk of cyber threats with higher consequences.

Experts at PNNL are developing novel approaches to protect, detect and recover from potential cyberattacks at the hydroelectric facilities that produce nearly 6 percent of the nation’s total electricity—and more than 60 percent of the power generated in the great state of Washington.