Eleven security vendors earned a share of the $30 million the Department of Energy (DoE) will disperse so they can develop technology to better protect the nation’s electric grid, oil and gas infrastructure from cyber attack.
The projects, which will combine power system engineering and cyber security, will include testing of the new products to demonstrate their effectiveness and interoperability, the DOE said.
The 11 projects selected include:
ABB Inc: ABB earned a $2.7 million grant to develop a system that allows substation devices to work together to validate the integrity of communications, such as commands to change a protective relay’s configuration, and assess the potential impact on grid operations.
Electric Power Research Institute, Inc.: EPRI will develop a framework that allows utilities to centrally manage the remote configuration of their energy delivery system devices – regardless of vendor or age – more securely.
Foxguard Solutions, Inc.: Foxguard will develop a service that allows utilities to simplify the process of keeping up-to-date with the most current firmware and software patches and updates.
Georgia Tech Applied Research Corporation: The company will develop a technology that evaluates energy delivery system control commands to anticipate their impact on power grid operations and, if needed, implement cyber security responses to prevent disruptions.
Grid Protection Alliance: The alliance will develop an architecture that enables more secure substation communications for data generated by legacy or modern energy delivery devices.
National Rural Electric Cooperative Association: NRECA will develop a network that allows utilities and small electric cooperatives with limited resources to centrally manage their networks more securely.
Schweitzer Engineering Laboratories, Inc.: The company will develop an integrated cyber-physical access control system that simplifies the process of managing access to energy delivery facilities.
Schweitzer: The company will develop a radio platform for more secure “last mile” wireless communications used with remote energy delivery infrastructure such as distribution substations.
Schweitzer: Schweitzer will develop software that allows utilities to centrally manage their local area networks more securely, providing real-time awareness of cyber activity and rerouting network traffic in response to cyber intrusions.
TT Government Solutions, Inc.: TT will develop a technology that analyzes and visualizes smart meter wireless communications to quickly detect unusual behavior that could suggest a cyber-attack.
Viasat, Inc.: Viasat will develop an architecture that gives utilities awareness of the status of their energy delivery systems’ cyber security, and allows them to automatically respond to cyber intrusions as predetermined in the utility’s cyber security policy.
A survey of U.S. utilities in May shows what utilities are up against. That survey called “Electric Grid Vulnerability,” said more than a dozen utilities said cyber attacks were daily or constant. The survey ended up commissioned by U.S. Democratic Representatives Edward J. Markey and Henry A. Waxman who are members of the U.S. House Energy and Commerce Subcommittee.
According to an IDG News Service story, the survey came in response to widespread concerns that hackers could damage parts of the U.S. power grid, causing widespread outages and prolonged economic effects. Power outages and quality disturbances cost the U.S. economy upwards of $188 billion annually, with single outages costing as much as $10 billion, the report said. Replacing large transformers, for example, can take more than 20 months.
The U.S. Congress has not delegated oversight of utilities’ cyber security to a federal agency. An industry organization, the North American Electric Reliability Corporation (NERC), publishes both mandatory and voluntary security standards, the report said. In 2010, the U.S. House of Representatives passed the GRID Act, which would have given the Federal Energy Regulatory Commission the authority to protect the electricity grid. But the legislation did not pass the Senate, and the issue remains inactive in the House, the report said.
Since 2010, the DOE said it has invested more than $100 million in cyber security research and development through awards and funding provided to industry, universities and national laboratories.