Sandia Labs FY21 LDRD Annual Report

FY21 ANNUAL REPORT

Sandia researchers Thushara Gunda, front, and Nicole Jackson examine solar panels at Sandia’s Photovoltaic Systems Evaluation Laboratory as summer monsoon clouds roll by. Using machine learning and data from solar farms across the U.S., they uncovered the age of a solar farm, as well as the amount of cloud cover, have pronounced effects on farm performance during severe weather. (Photo by Randy Montoya)

Distributed energy resource honeypots and canaries. There are now over 2.5 million Distributed Energy Resource (DER) installations connected to the U.S. power system. These installations represent a major portion of American electricity critical

infrastructure, so a cyberattack on these assets in aggregate would significantly affect grid operations. Virtualized Operational Technology (OT) equipment has been shown to provide practitioners with situational awareness and better understanding of adversary tactics, techniques, and procedures. Deploying synthetic DER devices as honeypots and canaries not only would open new avenues of operational defense and threat intelligence gathering, but also empower DER owners and operators with new cyber-defense mechanisms against the growing intensity and sophistication of cyberattacks on OT systems. Well-designed DER canary field deployments would deceive adversaries and provide early-warning notifications of adversary presence and malicious activities on OT networks. This Resilient Energy Systems LDRD team designed a high-fidelity, Python-based, cyber-physical DER honeypot/canary prototype that includes a SunSpec Modbus communication interface, which exposed data points for environmental, power system, and power electronics behaviors that mirrored physical DER equipment. To fully disguise and deploy authentic DER device technologies and to fool highly-sophisticated adversaries, further research is needed to increase realism in the communication systems, power conversion emulation, and unique environmental factors that dictate DER device behaviors. (PI: Jay Johnson)

69

LABORATORY DIRECTED RESEARCH & DEVELOPMENT