Research

In my current role as a power engineer and researcher for the Infrastructure Security group at Idaho National Laboratory, I have the opportunity to work on a variety of projects spanning distributed energy resources (DER), infrastructure modernization, cybersecurity for power systems, and resilience.

Principle investigator (PI) for Securing Solar for the Grid (S2G) project and chair of the laboratory coordinating committee (LCC) for related efforts across four laboratories. This project coversa variety of cybersecurity research areas for solar energy, including standards development, cyber risk analysis tools, education and workforce training, and supply chain analysis.
PI for On Site Wind for Rural Load Centers project, which is intended to bring a distributed wind hybrid design toolkit to rural communities.
PI for the Wind Cybersecurity and Education and Training (WindCET) project, which develops cybersecurity training for wind stakeholders and integrates wind into cybersecurity exercises with utilities.
Member of the Red Team for Liberty Eclipse, a full-scale exercise is an annual cybersecurity preparedness exercise that brings together federal partners, and operational technology (OT) and cybersecurity experts from the energy sector to validate the security of their cyber defense systems, plans, policies, and procedures, in a scaled environment.
Cybersecurity and communications expert for a Laboratory Directed Research & Development (LDRD) project exploring the remote operation of microreactors.
Subject matter expert for Renewable Energy and Storage Cybersecurity Research (RESCue), a project that will analyze and address cybersecurity concerns for hybrid energy systems that include wind, solar, and energy storage.
Subject matter expert for The Grid Modernization Lab Consortium (GMLC) project, Harmonization of DER Cybersecurity Standards project.
[past] PI for the Microgrids, Infrastructure Resilience, and Advanced Controls Launchpad (MIRACL) project, a distributed wind project funded by the DOE Wind Energy Technologies Office (WETO), which ended in 2022.
[past] Power engineer and key organizer of the Transmission Optimization for Grid Enhancing Technologies (TOGETs) project, funded by the DOE Office of Electricity (OE) and DOE WETO.
[past] The Grid Modernization Lab Consortium (GMLC) project Validation, Restoration and Black Start Testing of Sensing, Controls and DER Technologies at Plum Island was an exciting project I worked on as a graduate fellow and during my transition to a full time employee that allowed me to stretch my research abilities. Now, I get to continue working on similar efforts through the Liberty Eclipse program

Lots of other exciting projects cross my desk. They each combine my interests in solar, wind, storage, cybersecurity, and power system modernization to present unique challenges for me and my teammates to solve.

As a lifelong learner, I’m constantly exploring new areas of research that I believe will make the world a better, safer place. Below you will find my key interests and recent publications. Check out my blog for updates on my ongoing projects.

Research Interests

Distributed Energy Resource Integration

The world's energy generation profile is changing rapidly, and will continue to evolve over the next 50 years. Predictions vary widely, but distributed energy resources including solar PV, battery storage, wind, and others will play a big role. The current bulk energy system is not designed to handle distributed generation sources, especially at the distribution level. I believe I can have a meaningful impact on the safe integration of DER by evaluating the resiliency, reliability, and security of integration plans, models, and policies.

Industrial Cybersecurity

Cybersecurity for operational technology (OT) systems looks very different than traditional cybersecurity for informational technology (IT) systems. OT systems were ignored for a long time in security because they were thought to be disconnected. As the Internet of Things continues expanding, and as more "smart" technology is used in industrial facilities, it has become clear that OT systems are just as important to protect. Finding the ways that existing solutions can apply to industrial environments and identifying key issues that separate OT from IT is what motivates me most in this area.

Securing Critical Infrastructure

The hows of cybersecurity are interesting to me, but the whys of cybersecurity are what keep me up at night. Since I first learned about Stuxnet and the attacks on the Ukrainian power system I have been drawn to solving security challenges to ensure that our critical infrastructure, including power grids, oil & gas, manufacturing, water, and transportation are operating safely. The threats to health, lifestyle, and wellbeing of the public if critical infrastructure is attacked are what drive me to find solutions.

Publications

Jan. 2024

Attack Surface of Wind Energy Technologies in the United States

Low cost, reliable electrical energy production from wind relies upon automation and control systems. These same systems, however, can serve as the target of adversaries’ cyber-attacks. INL evaluated a generalized wind plant architecture to understand the classes of potential threat actors and the vectors that could enable a cyber-attack. This evaluation explores the attack surface of a representative wind plant, identifying potential methods and vectors that an adversary could leverage to conduct a cyber-attack. Included in this assessment are some recommended mitigations and approaches. Each recommendation requires a full security evaluation, cost/benefit analysis, and risk analysis by each owner and operator.

Read more here

Feb. 2023

Cybersecurity Resilience Demonstration for Wind Energy Sites in Co-Simulation Environment

This report describes some of the key outcomes of the multi-year Wind Cyber Hardening project, specifically the platform developed to detect and mitigate cyberattacks on a representative wind farm architecture.

Read more here

June 2022

Case Study: Resilience Benefits of Distributed Wind Against Fuel and Weather Hazards in Alaska

In this case study of St. Mary's Village, Alaska, we present a resilience evaluation exercise. A resilience framework is employed to identify system characteristics, relevant metrics, and resilience hazards, and to assess the performance against the hazards with and without a distributed wind turbine. The results show the resilience benefits provided by the distributed wind installation against fuel shortage hazards and cold weather hazards. The resilience benefits can be assigned monetary values, which provide insight into value streams of distributed wind that are not usually considered.

Read here: IEEE

June 2022

Cyber-Risk Management Feasibility Study: Retrofitting Solar with Emerging Technologies

This report specifically investigates the cyber-considerations related to energy resilience retrofits and summarizes the key questions that project proponents could ask when evaluating solar PV sites for resilience retrofit feasibility, preliminary design, and subsequent development processes.

Read more here

May 2022

MIRACL Resilience Case Studies of Distributed Wind Against Fuel and Weather Hazards in Alaska

For the Microgrids, Infrastructure Resilience, and Advanced Controls Launchpad (MIRACL) project, our team evaluated the resilience provided by distributed wind in two case studies, St. Mary's, AK and Iowa Lakes, IA. Read the case studies to learn more about the unique resilience goals and hazards for each site.

Nov. 2021

Cyberseucirty Guides for Distributed Wind Stakeholders

These quick guides accompany the full Cybersecurity Guide for Distributed Wind. Rather than dig through the full report, manufacturers, integrators, and operators can find targeted best practices for their roles.

Oct. 2021

A Cyber-Resilience Risk Management Architecture for Distributed Wind

Distributed wind is a strong candidate to help meet renewable energy and carbon-free energy goals. However, care must be taken as more systems are installed to ensure that the systems are reliable, resilient, and secure. The physical and communications requirements for distributed wind mean that there are unique cybersecurity considerations, but there is little to no existing guidance on best practices for cybersecurity risk management for distributed wind systems specifically. This research develops an architecture for managing cyber risks associated with distributed wind systems through resilience functions.

Read here: IEEE

Aug. 2021

Cybersecurity Guide for Distributed Wind

This report provides an introduction to cybersecurity for distributed wind by discussing the architectures, standards, and best practices that are most applicable. It explains why there needs to be special consideration for a resource as specific as distributed wind, and it provides guidance to relevant sets of stakeholders on their role in maintaining the security of the system.

Read here: Resilience at INL

July 2021

Resilience Framework for Electric Energy Delivery Systems

This report describes a framework for resilience planning, operation, and improvement. It focuses on the identifying system characteristics, resilience goals, and resilience hazards. It provides readers a process for evaluating system resilience and comparing the resilience of different configurations.

Read here: Resilience at INL

May 2021

Cybersecurity Considerations for Grid-Connected Batteries with Hardware Demonstrations

The distributed nature of DER devices combined with their network connectivity and complex controls interfaces present a larger potential attack surface for adversaries looking to create instability in power systems. In this work, we focus on grid-connected batteries. We explore the potential impacts of a cyberattack on a battery to power system stability, to the battery hardware, and on economics for various stakeholders. We then use real hardware to demonstrate end-to-end attack paths exist when security features are disabled or misconfigured.

Read here: MDPI Energies Journal

May 2021

Distributed Wind Resilience Metrics for Electric Energy Delivery Systems

While most people have a general concept of what it means to be "resilient," and examination of definitions from different sources reveals that there are key commonalities, but key differences as well. This INL report explores the definition of resilience for electric energy delivery systems, metrics appropriate for evaluating resilience, and the application to distributed wind.

Read here: Resilience at INL

May 2021

Securing Distributed Energy Resource Integration

The penetration of distributed energy resources (DER) is growing at much higher rates than predicted 20 years ago. Far from being used only in residential settings, DER are now installed on distribution and transmission circuits. In this position, they do not have the same properties as traditional generators and are more flexible in many cases. The growing penetration and range of uses for DER motivate the need to reliably and safely integrate them into the grid. This Master's thesis explores cybersecurity for DER from conceptual and operational perspectives.

Read more here

April 2021

Stability Impact of the IEEE 1547 Operational Mode Changes Under High DER Penetration in the Presence of Cyber Adversary

The IEEE 1547 standard addresses the integration of Distributed Energy Resources (DER) into Area Electric Power Systems (AEPS). The updated standard, released in 2018 with revisions ongoing, specifies the need for more flexible settings, requiring the DER to remain connected during certain disturbances and provide voltage support via active and reactive power modes. With these increased capabilities comes increased risks, and our analysis of the standard has produced potential settings combinations, which, while allowable under the standard, may actually create instability.

Read here: IEEE

Oct. 2019

PAVED: Perturbation Analysis for Verification of Energy Systems

Sensor integrity is arguably the most critical feature to protect in cyber-physical systems. Since power systems are cyber-physical systems with ubiquitous sensors that monitor and protect the grid, data must be trustworthy. Process safety and control decisions ultimately depend on data. The focus of this paper is how to design and apply perturbation based detection for sensor verification, under full AC unobservable false data injection (AU-FDI) attacks, by combining an active probing strategy with cyber-side data based on the cyber-physical situational awareness model CyPSA.

Read here: IEEE

Nov. 2018

Building an Invisible Wall: Real-Time Methods to Improve Power Grid Cybersecurity

Read here: IEEE

April 2018

Sensor Verification for Cyber-Physical Models of Power Systems

This was an undergraduate thesis project for the URS program. This project explores the ways that data from sensors in power systems can be authenticated by enhancing the security of power systems from a cyber-physical point of view. This is a continuation of the work for the NSF project “CPS: Synergy: Collaborative Research: Distributed Just-Ahead-Of-Time Verification of Cyber-Physical Critical Infrastructure.” Adversaries who gain access to a cyber-physical system can cause significant physical damage and financial loss by injecting false data into a sensor node. Identifying adversarial action in a system can mitigate unsafe actions made based off of bad data. The technique presented in this work combines topology analysis with real-time probing to create a measure of trustworthiness of sensors in a system.