NIST is Hunting for Tech to Secure the Energy Sector’s Network

The National Institute of Standards and Technology is seeking input from tech and cyber experts on how to secure the countless internet-connected devices that are attached to the nation’s power grid.

On Tuesday, NIST put out a call for products and proposals that would help the energy sector lock down the industrial internet of things, the extensive web of control systems, sensors and other network-enabled devices that companies use to manage the grid. The most promising respondents will have the opportunity to demo their products and strategies before energy sector representatives, according to a post on the Federal Register.

The program will specifically focus on securing the flow of data from distributed energy resources, or DERs, which include wind turbines, solar panels and other decentralized energy storage and generation systems. DERs are becoming commonplace as more of the country turns to renewable energy, though today federal officials worry the systems could leave the grid vulnerable to attack.

DERs rely on a wide array of internet-connected devices to share information with the central grid, though these tools share many of the same security gaps that plague the commercial internet of things. Additionally, energy companies are turning to automation to manage their growing network of DERs, which creates more potential opportunities for digital adversaries to disrupt the grid.

“Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges,” NIST officials said in the program description. “As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.”  

Through the program, NIST’s National Cybersecurity Center of Excellence aims to create guidance and reference architectures that energy companies could use to build stronger defenses for their digital infrastructure. 

In the post, NIST said it’s looking for products that improve analysis and visualization of network data, ensure data integrity and log the flow of information between DERs and other control systems. Officials are also interested in technologies that can strengthen authentication and access control for both humans and devices, detect malware and flag suspicious behavior on the network.

All proposed products and services proposed must already be commercially available, officials said in the post. Responses are due by Nov. 7.

The program comes as federal officials grow increasingly concerned that foreign adversaries have the ability to shut down the nation’s power grid through a cyberattack. Russia hackers have reportedly already planted malware within U.S. power plants and utility systems that could give them the ability to shut down or otherwise sabotage facilities with the push of a button. While they haven’t yet disrupted any operations, such an attack would have devastating impacts on the country, and could potentially lead to conflict in the physical world.

To combat the threat of power grid cyberattacks, some lawmakers have proposed reintroducing analog switches and other non-digital controls to the country’s energy infrastructure. Such systems would essentially act as physical moats, allowing operators to isolate certain sections of the grid if they become compromised and keeping hackers from running rampant across energy networks.