October 28, 2021, US Secretary of Energy Granholm held the first meeting of her Advisory Board (SEAB). The SEAB meeting can be found at https://www.energy.gov/seab/seab-meetings. The Board was established to provide advice and recommendations to the Secretary on the Administration’s energy policies; the Department’s basic and applied research and development activities; economic and national security policy; and other activities as directed by the Secretary. The presentations included DOE’s “Energy Earthshot Initiative” and a focus on clean energy by the Secretary. Public comments were presented by Michael Mabee, Joe Weiss, David Bardin and Tommy Waller. My oral presentation is at approximately the 1 Hour 20-minute timeframe. My formal comments are on the DOE SEAB website.
DOE stated they are looking to address hard technical barriers. Cyber-securing process sensors falls into that category because:
- There are tens of millions of legacy process sensors in all process applications (this does not include the additional tens of millions of IOT sensors in personal and residential applications). Process sensors have no cyber security, authentication, or cyber logging and may not be able to be updated for cyber security. There is an entire ecosystem involved including the sensors, the sensor networks, communication protocols, and security technologies making this a hard technical barrier.
- There has been a prevailing view that process sensor cyber security is not a concern because it can only have local effects. However, a failure of ONE process sensor caused an interconnection-wide oscillation resulting in a 200 MegaWatt load swing in the local grid in Florida that rippled through the entire Eastern Interconnect causing a 50 MegaWatt load swing in New England! This is but one example. Addressing the system interactions that enable sensors to compromise bigger processes, in this case the grid, is a hard technical barrier.
- Smart Grid, Smart Manufacturing, Industry 4.0, etc. are based on “sensors everywhere” and big data analytics of the sensor data. If you can’t trust the input sensor data, the big data analytics are untrusted - a hard technical barrier.
- DOE priorities such as clean energy and the Energy Earthshot Initiative will rely on accurate and secure process sensors – a hard technical barrier.
- July 2019, I was an invited panelist at the DOE National Energy Renewable Laboratory (NREL) “Assessing the Impact of Cybersecurity on the Nation’s Wind Farms” Conference to discuss the cyber security of process sensors. Sensor cyber security issues were new to the attendees. One of the conclusions was the need for Engineering and networking organizations to work together. Monitoring of the process sensors will force these disparate communities to work together which can result in game-changing improvements. This can address hard technical and non-technical barriers.
- September 2021, three of the premier DOE national laboratories - ORNL, PNNL, and NREL, published a study of “Sensor impacts on building and HVAC controls: A critical review for building energy performance”. The study provided a sophisticated literature review on sensor systems in building/HVAC systems. The report noted that cybersecurity threats are increasing, and sensor data delivery could be hacked as a result. According to the report, how hacked sensor data affects building control performance must be understood (this can only be done by control system, not network experts). A typical situation could include sensor data being modified by hackers and sent to the control loops, resulting in extreme control actions. To the best of the DOE authors’ knowledge, no such study has examined this challenge – a hard technical barrier. However, my non-public database of control system cyber incidents includes more than 75 building/facility control system cyber incidents including some that were caused, or exacerbated, by process sensor issues.
- If you can’t trust what you measure, you can’t have cyber security. Yet, cyber security of process sensors are out-of-scope for the NERC Critical Infrastructure Protection (CIPs) cyber security standards and were not addressed by DOE or their Advisors in the SEAB meeting or in the October 20-21, 2021 DOE Electricity Advisory Committee meeting – a hard non-technical barrier.
- If you can’t trust what you measure, you can’t have situational awareness. Yet, October 28th, 2021, DOE allotted funding for situational awareness without addressing the integrity of the process sensors – a hard non-technical barrier
- Counterfeit process sensors and hardware backdoors are hardware supply issues. Yet, hardware supply chain issues were not addressed by either DOE or their Advisors in the SEAB meeting or in the October 20-21, 2021 DOE Electricity Advisory Committee meeting – a hard technical barrier that can be existential with the Chinese in our grids and other critical infrastructures.
Summary
Cyber-securing process sensors is a hard technical barrier that needs DOE’s attention. DOE needs to take process sensor cyber security seriously, encourage the paradigm change of monitoring the process sensors, encourage cyber security training for the personnel responsible for process sensors, and coordinate with CISA and other government and industry experts to address process sensor cyber security issues.
Joe Weiss