NREL AI tool advances hydropower cyber security

  • September 10, 2024
  • Steve Rogerson

[Image: How the Cysat-Hydro tool communicates with the power grid.]

The US National Renewable Energy Laboratory (NREL) is developing a tool that could advance hydropower plant cyber security through artificial intelligence (AI).

The data-driven and hardware-agnostic Cysat-Hydro cyber-security situational awareness tool for hydropower is emerging amid two significant storylines in the energy world.

The first is the rapid growth of internet-connected distributed energy resources that can be integrated with large generation sources such as hydroelectric plants and could create cyber-security risks for those plants’ digital interfaces on the grid. The second is several high-profile cyber attacks targeting energy systems in recent years. Notably, the May 2021 ransomware attack on the Colonial Pipeline not only cost the pipeline’s operators millions of dollars but also wreaked havoc on the gas supply for millions of Americans along the eastern seaboard.

“If you examine the past ten to fifteen years, there has been an increase in malicious and nation-sponsored actors attempting to hack and compromise critical infrastructure, such as the power grid, due to the significant impact and enormous monetary benefits,” said Vivek Kumar Singh, a senior cyber-security researcher at NREL (www.nrel.gov). Singh is part of the team that developed the tool.

Over the past decade, there has been a nationwide push to modernise the US power grid. Technologies such as smart meters, data aggregators, advanced communication infrastructure, wide-area control systems and edge computing are being used to integrate clean energy sources.

Hydropower plants are part of the smart-grid technology trend. Operators are increasingly integrating small hydropower facilities with energy storage systems to provide reliable power supply at a peak market rate.

A key application of smart-grid technology is the use of hydropower-integrated battery energy storage systems to provide frequency regulation services. These types of integrated systems let operators access and communicate with the various grid components surrounding hydropower plants more easily, reducing operation costs for owners of hydropower assets.

Any digital space presents a potential opportunity for persistent hackers to access and compromise a network. Cysat-Hydro is designed to protect those potential points of access to ensure the grid’s reliability.

While smart-grid technologies increase the grid’s reliability, they could also create new attack surfaces for hackers to compromise the grid network.

“If you have so many data points and so much communication happening, it increases the attack surface and chances of a cyber attack,” Singh said.

The need to protect new potential points of access to the grid is why the US Department of Energy supported the development of a tool to enhance the cyber security and resilience of hydropower plants.

Many of the cyber attacks the grid could face are stealthy and require little knowledge of the grid itself to conduct. They could come in the form of denial-of-service attacks, in which the attacker may only require small amounts of information about the power system, such as an IP address.

“As the grid becomes increasingly interconnected with numerous internet-of-things devices, the threat of such attacks is growing tremendously,” Singh said.

Some potential cyber attacks targeting hydropower-integrated battery energy storage systems could include line tripping attacks and data integrity attacks on regulation signals. The former would involve unauthorised tripping of a relay to disconnect distribution power lines or loads, while the latter would involve modifying the incoming regulation signals to disrupt frequency regulation. The creators of Cysat-Hydro looked at these types of attack vectors while developing the tool.

Cysat-Hydro uses AI to detect anomalies in the operational technology network that result from attacks, which are often stealthily deployed. It then sends detailed information about cyber attacks to system operators and analyses grid performance in real time to help operators restore grid functionality after an attack. It also computes technical and economic grid performance metrics of various distributed energy resources. These metrics help grid operators understand the value of the tool.

“Think about the duration of a cyber attack and how much it could cost operators,” Singh said. “If an attack shut down a hydro plant for five hours, it might cost you a huge amount of money as the operator, and it could affect flood control and local water supplies and ecosystems. This tool would potentially circumvent any of those issues by helping prevent the attack in the first place.”

The tool supports a user-friendly API that is compatible across operating systems. A real-time visualisation dashboard gives users a comprehensive view of grid operations, network traffic and intrusions, among other data.

Because the tool will be made open source and publicly available, it can be deployed more easily and more broadly. It can also be applied to other grid technologies and other critical infrastructures outside the power grid, such as water and gas pipelines.

“This tool is completely data-oriented, meaning if you have an understanding of what happened during a cyber attack and where it happened, you could apply this tool to other supervisory control and data acquisition systems outside of hydroelectric facilities,” Singh said.

As the development of Cysat-Hydro reaches its final stages, Singh hopes the tool’s adaptability will enable future growth.

“We are looking for potential field demonstration and technology commercialisation in partnership with industry vendors and utilities,” Singh said. “Further, we plan to continue working on this tool’s development with more case studies to improve its functionality. When we give our final update, we will also look into what we can do with Cysat-Hydro next to advance the state of cyber security for clean energy systems.”