October 28, 2021, I gave a presentation to the US Secretary of Energy’s Advisory Board (SEAB) on the need for process sensor monitoring. The SEAB meeting can be found at https://www.energy.gov/seab/seab-meetings as well as my prepared presentation. My short presentation is at approximately the 1 Hour 20-minute timeframe. In the SEAB meeting, DOE was looking to address hard technical barriers. Cyber-securing process sensors fall into that category. Malicious or unintentional sensor failures have had wide-ranging impacts. A failure of ONE process sensor caused a significant load swing in the local grid that rippled through the entire Eastern Interconnect causing a significant load swing more than a thousand miles away.
Sometime in September 2021, three of the premier DOE national laboratories – ORNL, PNNL, and NREL, did a study of “Sensor Impacts on Building and HVAC Controls: A critical review for building energy performance”. The report notes that cybersecurity threats are increasing, and sensor data delivery could be hacked as a result. The Chinese have provided counterfeit pressure sensors to the North American market and installed hardware backdoors in large power transformers – hardware supply chain issues. Yet, neither process sensor cyber security or hardware supply chain issues were addressed by DOE or their advisors at the SEAB meeting or the October 20-21, 2021 DOE Electricity Advisory Committee meeting.
DOE needs to take process sensor cyber security more seriously.
Comments to the US Secretary of Energy’s Advisory Board on lack of process sensor cyber security
