In recent times, modern power systems have experienced a significant increase in the integration of Distributed Energy Resources (DERs) like solar panels, wind turbines, small-scale hydroelectric generators, and batteries. These renewable energy sources have become essential components of the power grid's energy mix due to technological advancements, environmental concerns, and the desire for energy independence. The combined capacity of DERs is projected to reach 387 gigawatts by 2025, driven by substantial investments supporting their rapid growth.
In DER systems, Operational Technology (OT) plays a vital role in managing and optimizing the operation of various components, including smart inverters, energy storage systems, electric vehicle chargers, and other energy management equipment. OT ensures the reliable and efficient operation of these devices and their seamless integration into the larger energy grid. With the continuous advancements in technology and the growing prominence of the Internet of Things (IoT), there is a rapid convergence of OT with Information Technology (IT). This convergence allows for better data analysis, real-time monitoring, and data-driven decision making, resulting in improved operational efficiency.
However, many DER systems with integrated IT and OT devices face limitations in computational power, bandwidth, storage, and memory. These constraints often hinder the implementation of essential cybersecurity solutions like monitoring and encryption, leaving the system vulnerable to cyberattacks. Consequently, unauthorized alterations in DER system OT data and control signals can cause damage to electrical infrastructure and result in outages. An illustrative example is the December 2015 cyberattack on Ukrainian electric utilities, which started as a spear-phishing attack on utility IT systems. The attackers then gained control of the industrial control system network through a virtual private network, disabling OT control systems and preventing infected computers from rebooting. This highlights the need for robust cybersecurity measures to safeguard critical DER systems.
The DoE’s multiyear plan program identifies a lack of standards, tools, and technology to address OT cybersecurity vulnerabilities and preparedness. To address this issue, InfoBeyond advocates OT-Healer, a real-time decentralized self-security/healing tool for DER OT resiliency. OT-Healer offers decentralized threat monitoring, detection, and mitigation at the OT level. OT-Healer is designed to run on small and single-board computers like Raspberry Pi or Arduino, connected in a Bump-in-the-Wire configuration with an actual DER OT device.
OT-Healer offers several significant technical advantages, including a real-time automated machine learning-powered cyber-physical intrusion detection system that effectively analyzes both cyber and physical data streams, proactively detecting potential intrusions. Additionally, it utilizes machine learning-powered OT control policies, enabling self-healing capabilities for OT devices to counter potential data and settings manipulation by malicious entities, ensuring uninterrupted operations in the face of system abnormalities, intrusions, or malicious attacks. Furthermore, OT-Healer provides precise time-graded static/dynamic reactive power control support, minimizing simultaneous and negative operations between OT and DER units.
The primary focus of OT-Healer is to enhance the autonomous cybersecurity resiliency of sophisticated DER OT environments while ensuring the continued reliability and availability of the DER power delivery system, thus playing a crucial role in safeguarding the nation's energy and environmental security.