Comments to the US Secretary of Energy’s Advisory Board on lack of process sensor cyber security

Oct. 31, 2021
October 28, 2021, I gave a presentation to the US Secretary of Energy’s Advisory Board (SEAB) on the need for process sensor monitoring. The SEAB meeting can be found at  https://www.energy.gov/seab/seab-meetings as well as my prepared presentation. My short presentation is at approximately the 1 Hour 20-minute timeframe. In the SEAB meeting, DOE was looking to address hard technical barriers. Cyber- securing process sensors falls into that category. Malicious or unintentional sensor failures have had wide-ranging impacts. A failure of ONE process sensor caused a significant load swing in the local grid that rippled through the entire Eastern Interconnect causing a significant load swing more than a thousand miles away. September 2021, three of the premier DOE national laboratories - ORNL, PNNL, and NREL, did a study of “Sensor impacts on building and HVAC controls: A critical review for building energy performance”. The report notes that cybersecurity threats are increasing, and sensor data delivery could be hacked as a result. The Chinese have provided counterfeit pressure sensors to the North American market and installed hardware backdoors in large power transformers – hardware supply chain issues. Yet, neither process sensor cyber security or hardware supply chain issues were addressed by DOE or their advisors at the SEAB meeting or the October 20-21, 2021 DOE Electricity Advisory Committee meeting. DOE needs to take process sensor cyber security more seriously.

October 28, 2021, US Secretary of Energy Granholm held the first meeting of her Advisory Board (SEAB). The SEAB meeting can be found at  https://www.energy.gov/seab/seab-meetings. The Board was established to provide advice and recommendations to the Secretary on the Administration’s energy policies; the Department’s basic and applied research and development activities; economic and national security policy; and other activities as directed by the Secretary. The presentations included DOE’s “Energy Earthshot Initiative” and a focus on clean energy by the Secretary. Public comments were presented by Michael Mabee, Joe Weiss, David Bardin and Tommy Waller. My oral presentation is at approximately the 1 Hour 20-minute timeframe. My formal comments are on the DOE SEAB website.

DOE stated they are looking to address hard technical barriers. Cyber-securing process sensors falls into that category because:

- There are tens of millions of legacy process sensors in all process applications (this does not include the additional tens of millions of IOT sensors in personal and residential applications). Process sensors have no cyber security, authentication, or cyber logging and may not be able to be updated for cyber security. There is an entire ecosystem involved including the sensors, the sensor networks, communication protocols, and security technologies making this a hard technical barrier.

- There has been a prevailing view that process sensor cyber security is not a concern because it can only have local effects. However, a failure of ONE process sensor caused an interconnection-wide oscillation resulting in a 200 MegaWatt load swing in the local grid in Florida that rippled through the entire Eastern Interconnect causing a 50 MegaWatt load swing in New England! This is but one example. Addressing the system interactions that enable sensors to compromise bigger processes, in this case the grid, is a hard technical barrier.

- Smart Grid, Smart Manufacturing, Industry 4.0, etc.  are based on “sensors everywhere” and big data analytics of the sensor data. If you can’t trust the input sensor data, the big data analytics are untrusted - a hard technical barrier.

- DOE priorities such as clean energy and the Energy Earthshot Initiative will rely on accurate and secure process sensors – a hard technical barrier.

- July 2019, I was an invited panelist at the DOE National Energy Renewable Laboratory (NREL) “Assessing the Impact of Cybersecurity on the Nation’s Wind Farms” Conference to discuss the cyber security of process sensors. Sensor cyber security issues were new to the attendees. One of the conclusions was the need for Engineering and networking organizations to work together. Monitoring of the process sensors will force these disparate communities to work together which can result in game-changing improvements. This can address hard technical and non-technical barriers.

- September 2021, three of the premier DOE national laboratories - ORNL, PNNL, and NREL, published a study of “Sensor impacts on building and HVAC controls: A critical review for building energy performance”. The study provided a sophisticated literature review on sensor systems in building/HVAC systems. The report noted that cybersecurity threats are increasing, and sensor data delivery could be hacked as a result. According to the report, how hacked sensor data affects building control performance must be understood (this can only be done by control system, not network experts). A typical situation could include sensor data being modified by hackers and sent to the control loops, resulting in extreme control actions. To the best of the DOE authors’ knowledge, no such study has examined this challenge – a hard technical barrier. However, my non-public database of control system cyber incidents includes more than 75 building/facility control system cyber incidents including some that were caused, or exacerbated, by process sensor issues. 

- If you can’t trust what you measure, you can’t have cyber security. Yet, cyber security of process sensors are out-of-scope for the NERC Critical Infrastructure Protection (CIPs) cyber security standards and were not addressed by DOE or their Advisors in the SEAB meeting or in the October 20-21, 2021 DOE Electricity Advisory Committee meeting – a hard non-technical barrier.

- If you can’t trust what you measure, you can’t have situational awareness. Yet, October 28th, 2021, DOE allotted funding for situational awareness without addressing the integrity of the process sensors – a hard non-technical barrier

- Counterfeit process sensors and hardware backdoors are hardware supply issues. Yet, hardware supply chain issues were not addressed by either DOE or their Advisors in the SEAB meeting or in the October 20-21, 2021 DOE Electricity Advisory Committee meeting – a hard technical barrier that can be existential with the Chinese in our grids and other critical infrastructures.

Summary

Cyber-securing process sensors is a hard technical barrier that needs DOE’s attention.  DOE needs to take process sensor cyber security seriously, encourage the paradigm change of monitoring the process sensors, encourage cyber security training for the personnel responsible for process sensors, and coordinate with CISA and other government and industry experts to address process sensor cyber security issues.

Joe Weiss

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.