Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment

Abstract

Sandia National Laboratories and Idaho National Laboratory deployed state-of-the-art cybersecurity technologies within a virtualized, cyber-physical wind energy site to demonstrate their impact on security and resilience. This work was designed to better quantify cost-benefit tradeoffs and risk reductions when layering different security technologies on wind energy industrial control system, operational technology networks. Standardized step-by-step attack scenarios were drafted for adversaries with remote and local access to the wind network. Then, the team investigated the impact of encryption, access control, intrusion detection, security information and event management, and security, orchestration, automation, and response (SOAR) tools on multiple metrics, including physical impacts to the power system and termination of the adversary kill chain. We found, once programmed, the intrusion detection systems could detect attacks and the SOAR system was able to effectively and autonomously quarantine the adversary, prior to impacting the power system. Cyber and physical metrics indicated good network and endpoint visibility were essential to demonstrate the resilience of the system. In particular, certain hardening technologies, like encryption, reduced access to the adversaries, but recognition and response were able to ensure there was no impact to the operation of the wind site generators.