The Department of Energy lab last month launched the Cybersecurity Program Office to take that growth further.

NREL said it had established the CPO to “accelerate [its] leadership in securing renewable energy technologies and distributed energy systems” and named Jonathan White to run it.

“This new program office will position NREL to play a lead role in developing cybersecurity technologies that keep pace with today’s evolving energy infrastructure and provide a pathway to secure tomorrow’s energy system,” Juan Torres, NREL associate laboratory director for Energy Systems Integration, said in NREL’s announcement of CPO’s creation. “Under Jon’s leadership, we will be increasing our cybersecurity impact for federal and industry partners.”

White joined NREL in 2018 and the lab credits him with having significantly increased the capability and impact of its cybersecurity research. He previously managed NREL’s Secure Cyber-Energy Systems Group and led the development of its Cyber-Energy Emulation Platform (CEEP), which generates emulated, multilayer grid environments that allow researchers to visualize and evaluate the interdependencies of power systems and communications networks, as well as explore their vulnerabilities and the effectiveness of methods for mitigating threats to them.

As head of CPO, White serves as laboratory program manager to the Department of Energy Office of Cybersecurity, Energy Security and Emergency Response (CESER), which works to improve the security of the nation’s energy infrastructure and support the DOE’s national security mission. He also is tasked with fostering new relationships with diverse sponsors to advance NREL’s research in grid security for distributed energy systems. Additionally, he continues to lead the cybersecurity area of NREL’s Advanced Research on Integrated Energy Systems (ARIES) platform.

The NREL anticipates CPO building on the success of its Energy Security and Resilience initiative, which has resulted in rapid and continuing growth in the lab’s cybersecurity funding and staffing since NREL launched it in October 2020. The NREL said CPO will take the lead in its cybersecurity research strategy and provide recommendations for the future staffing, capabilities, and facilities needed to support a leading, internationally recognized cybersecurity program.

“In line with NREL’s core expertise of systems integration toward a modern grid, CPO will be dedicated to technology R&D, policy, and training needed for leading-edge cybersecurity innovations,” White said. “We’re envisioning solutions that autonomously identify and respond within distributed energy systems comprising a hybrid mix of renewable energy technologies, such as wind, solar, storage, and hydropower.”

ARIES, whose cybersecurity area White still leads, will help NREL develop those solutions. 

NREL describes ARIES as a research platform that can match the complexity of the modern energy system, thereby enabling integrated research to support the development of groundbreaking energy technologies. It represents a substantial scale up in experimentation capability from previous platforms, allowing research at the 20 megawatt level, and its scale is amplified by a virtual emulation environment powered by NREL’s 8-petaflop supercomputer.

NREL says ARIES will enable the electric power industry to understand the impact of and get the most value from the millions of new devices — such as electric vehicles, renewable generation, hydrogen, energy storage, and grid-interactive efficient buildings — that are being connected to the grid daily. Its scale, according to NREL, will also enable the industry to consider and understand opportunities and risks with the growing interdependencies between the power system and natural gas, transportation, water, and telecommunications systems.

ARIES’ cybersecurity research area is meant to help close the system-level security gaps that emerge from distinct hardware and software becoming integrated. By creating digital twins of clusters of research hardware, ARIES can simulate and detect attacks on communications and control systems that are still evolving, thereby reducing the energy systems’ overall vulnerabilities.

NREL isn’t the only DOE unit taking steps to ensure that the integration of renewable energy into the nation’s power grid doesn’t create vulnerabilities for cyber-attackers to exploit.

The Wind Energy Technologies Office, which is part of the Office of Energy Efficiency and Renewable Energy, last July issued a “Roadmap for Cybersecurity,” which summarized critical infrastructure cybersecurity best practices and gave a list of possible next steps the wind industry could take to strengthen its cyber resiliency.

Also, the Solar Energy Technologies Office last April awarded a $3.6 million grant to a project called “Multilevel Cybersecurity for Photovoltaic Systems” that is being undertaken by a group of research institutions and companies led by Alan Mantooth, who directs the University of Arkansas’ National Center for Reliable Electric Power Transmission.

The project is focused on developing cybersecurity systems for photovoltaic energy technology and devices, especially the inverters that link solar power arrays to the grid. Issues it is addressing include supply-chain security, real-time intrusion detection methods, identifying and mitigating vulnerable spots, control system security and safety protocols.

In addition to the University of Arkansas, the group includes the University of Georgia, the University of Illinois at Chicago, Texas A&M University Kingsville, NREL, Argonne National Laboratory, General Electric, Ozarks Electric Cooperative and Today’s Power.