In the U.S. Department of Energy (DOE) CyberForce Competition, college and university students from across the United States joined virtually and in person to attempt to thwart a simulated cyberattack on the solar installation of an electric vehicle manufacturer.
The CyberForce Competition, led by DOE’s Argonne National Laboratory part of DOE’s CyberForce Program, focuses on developing the next generation of cyber defenders, which DOE says are in short supply. DOE estimates that unfilled cybersecurity careers will reach over 1.8 million by 2022.
“Cybersecurity is critical in the energy sector as our systems become increasingly interconnected and complex,” said Puesh Kumar, director of DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER). “Preparing the cyber professionals of the future is as important as improving the technology we use to protect our infrastructure. The CyberForce competition is an unparalleled opportunity for students to gain real-world experience as they test their cybersecurity skills to protect energy infrastructure.”
Cyber threats have become more commonplace in recent years. For example, in February, thousands of internet users in Europe lost service when a satellite operator experienced a “cyber event”. The same attack also knocked nearly 6,000 wind turbines offline in Germany and Central Europe, with a combined output of 11GW. In the same month a hacker breached a water treatment plant in the U.S. and a ransomware attack on Colonial Pipeline in May led the company to shut the pipeline down temporarily and saw people panic-buying gas into scarcity across the Southeast.
The potential damage to rooftop solar, batteries and other distributed energy resources is also real and growing, according to a recent DOE report. DERs now total 90 GW of capacity in the U.S.,and are expected to grow to 380 GW by 2025, the report said.
Past cyberattacks on renewable generation indicate the risk of attacks on DERs, said Meg Egan, a control systems cybersecurity analyst with the Idaho National Laboratory, in a recent DOE cybersecurity webinar. Three nations are capable of cyberattacks, as are criminal groups, she said, noting 10 cyberattacks on large-scale renewable generators or renewables firms since 2019 worldwide.
This year’s competition, held last week both virtually and in person in Illinois, capitalized on the expertise of current national laboratory staff that had previously hosted four successful cyber defense competitions. The competitions involve interactive, scenario-based events, where participants engage in cybersecurity activities including methods, practices, strategy, policy, and ethics.
In this year’s scenario, students were charged with helping the EV manufacturer secure the systems of its recently acquired solar installation. When the installation appears compromised, the students must assess its vulnerabilities and develop a series of innovations to protect and strengthen it against existing and future attacks.
The competition uses realistic components, such as cyberphysical infrastructure, lifelike anomalies and constraints, and actual users of the systems who engage students in compelling emergency scenarios. Participants are scored on their “out-of-the-box” and innovative ideas and defenses, which stem from the real-world constraints provided in the scenario. One such constraint, for example is “no budget,” in which participants develop a working defense using zero dollars and ensuring that the system’s intended purpose is not deprecated.
The competition is managed by the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), with Argonne as the lead national laboratory providing leadership, planning and subject matter expertise. In addition, DOE national laboratories Idaho National Laboratory, Lawrence Livermore National Laboratory, National Renewable Energy Laboratory, Pacific Northwest National Laboratory and Sandia National Laboratories are partnering with Argonne to provide technical support.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: email@example.com.