Dive Brief:
- The U.S. Department of Energy in February announced it would award $45 million to 16 “next-generation” grid cybersecurity projects that will focus on artificial intelligence, machine learning and automated vulnerability detection.
- The Electric Power Research Institute will receive more than $22 million to lead five projects, including using AI to detect attacks on power generators and in control systems at the grid edge. On Tuesday EPRI said it would collaborate with more than 20 utilities, universities, security companies and other entities on the projects.
- More than $3.3 million will go to Texas A&M University-Kingsville to secure distributed energy resources. A Chinese hacking campaign dubbed Volt Typhoon targeted Texas energy infrastructure last year, but was unsuccessful in breaching the Electric Reliability Council of Texas system.
Dive Insight:
There were 37 “China-related cyber events” in 2023 documented by the Electricity-Information Sharing and Analysis Center, which gathers and analyzes security data for the industry.
China is “the preeminent threat in an unpredictable world,” E-ISAC said in its year-end report, and Volt Typhoon “drew notable concern because it specifically targeted U.S. infrastructure.” Looking ahead, new technologies like artificial intelligence “can spur positive innovation” though they may also come with risks, the industry group said.
“Last year's Chinese-backed attempt on the Texas power grid underscores the importance of developing innovative methods to protect our energy infrastructure from cyberattacks,” Rep. Vicente Gonzalez, D-Texas, said in a statement acknowledging the DOE funding for his state.
The Texas A&M project at Kingsville will “research, develop, and demonstrate a zero-trust authentication mechanism with post-quantum cryptography to reduce the cyber-physical security risks to DER devices and networks,” according to a DOE list of funded projects.
Cyberattacks have the potential to “cause significant disruption to the reliable flow of energy to American homes, businesses, and communities,” DOE said. The funded projects “will address a wide range of current and emerging cyber threats facing energy systems from generation through delivery.”
EPRI said it will be working on projects to:
- Develop advanced AI and data processing capabilities “to detect and respond to cyber security incidents in control system networks at the edge”;
- Develop zero trust architectures focused on integrating DERs and microgrids;
- Advance the development of communications standards for authentication and authorization services;
- Create automated methods to discover and mitigate cybersecurity vulnerabilities; and
- Apply artificial intelligence to digital twins to detect attacks in power generation assets.
Across the projects, EPRI will collaborate with entities including Southern Co., Consolidated Edison, George Mason University, Anterix, Ameren, MITRE, Schneider Electric, Delaware State University, NVIDIA and others.
“As power companies become increasingly blended across information technology, operational technology, and telecommunications infrastructure, cybersecurity is a critical priority,” EPRI Technical Executive of Digitalization Jason Hollern said in a statement.
