Researchers develop cybersecurity technology to protect critical energy infrastructure

Jordan Johnson and a team of ORNL cybersecurity researchers introduced a new virtual twin to defend SCADA systems and improve the cybersecurity of critical energy infrastructure. Credit: Carlos Jones/ORNL, U.S. Dept. of Energy

A team of cybersecurity researchers from the Department of Energy’s Oak Ridge National Laboratory recently took a step toward greater energy grid security by introducing a new virtual twin to defend Supervisory Control and Data Acquisition, or SCADA, systems.

SCADA systems are designed to monitor and control organizational equipment and processes. These systems are commonly deployed within power stations, where they help monitor and regulate the electrical grid.

In February, ORNL presented a paper about the technology at the Institute of Electrical and Electronics Engineers Power and Energy Society’s 2022 Innovative Smart Grid Technologies Conference in Washington, D.C.

A typical SCADA system aggregates data from an entire subsystem of electronic devices, such as circuit breakers, energy meters and transformers, and regulates their activity. Operators set the parameters that tell the system’s control center how to regulate the function of downstream devices.

A critical component of most SCADA systems is the automation controller, the central device responsible for aggregating data from a subsystem and sending it to the control center. The automation controller is a prime target for cyberattacks because of its role as a gateway into a SCADA subsystem and the havoc that could result from loss of control over it.

To help defend this critical component, the ORNL team introduced the virtual SCADA automation controller, or VAC, a digital twin to the physical automation controller. During standard operation, the VAC is not connected to the rest of the network and simply monitors the conditions of the physical automation controller. The VAC creates a digital copy of the expected operations of the physical automation controller and evaluates the physical controller's actual behavior against that copy to detect anomalies. In the event of a cyberattack or other issue with the physical SCADA automation controller, the VAC isolates it from the rest of the network while maintaining its state for later forensics and begins acting as a surrogate automation controller until the problem is diagnosed and corrected.

ORNL’s Jordan Johnson, the team’s principal investigator and lead author, said the new technology allows increased security, flexibility and functionality in SCADA systems without substantial hardware costs. Johnson added that a key component of the utility of the VAC system is the use of software-defined networking.

“The idea behind software-defined networking is that you can virtualize part of the network so you can actually lock down which devices are allowed to talk to each other and how they're allowed to talk to each other,” Johnson said. “This adds a new layer of security and reconfigurability.”

Software-defined networking allows the VAC to take the standard automation controller offline in the event of a problem and provides a high degree of flexibility in the SCADA system, which future research efforts can build upon.

“This is not just a step in the right direction for industry but also a step in the right direction for research in general, moving from study to real-world application,” Johnson said. “From here, we can easily stand up these types of systems and then continually improve them.”

This research was funded by ORNL’s Laboratory Directed Research and Development program.

UT-Battelle manages ORNL for the Department of Energy’s Office of Science, the single largest supporter of basic research in the physical sciences in the United States. The Office of Science is working to address some of the most pressing challenges of our time. For more information, please visit — Galen Fader