Cyber and Physical Security

Sandia delivers grid security and grid modernization through research, development, and evaluation of solutions to maintain operations in an adversarial, compromised environment.

A Growing Threat

Electric power systems and power-system operators are more reliant on telemetry, automated controls, and communications than ever before in an effort to improve energy reliability, safety, and cost effectiveness. More specifically, emerging advancements in phasor measurement units (PMUs), smart-grid technologies, cloud computing services, grid cyber vulnerability & assessments, and distributed energy resources (DER) represent significant cybersecurity threats to the continuity of delivered power. To mitigate the additional risk, the deployment of cybersecurity controls must be commensurate with the deployment of these enabling technologies.

Cybersecurity across the national electric grid is made difficult by a highly constrained solution space. Constraints on addressing grid cybersecurity include:

  • strong and growing levels of technical ability in the nation’s adversaries
  • 20-year technology refresh cycle
  • limited avenues for utilities to fund security
  • system owner reluctance to add hardware or software that could potentially impact warranties
  • a focus on availability over integrity or confidentiality of data

Control system cybersecurity, including grid control, has operated as a niche for some time. That status is ending, however, as the nation’s grid now operates in a world where grid vulnerabilities can be easily discovered through open Internet research.

Research Areas

Cybersecurity work at Sandia leverages extensive federal investment over many decades and the laboratory’s 60-year history ensuring a safe, reliable nuclear stockpile. Since the dawn of electronic information processing, Sandia has been required to ensure secure operations from the level of individual computing devices to national-scale networks. This mission has evolved into several unique capability areas that now range far beyond weapon assets.

Weaselboard is an analytics capability fielded on a federal sponsor’s operational systems. Weaselboard provides independent introspection into control system backplane signals such that system compromise is detectable even if the system’s computing resources are being deceptive.

For over five years, Sandia National Laboratories’ Distributed Energy Resource (DER) Cybersecurity Team has analyzed DER cybersecurity risks and addressed the technical challenges associated with implementing novel security solutions.

Sandia and the SunSpec Alliance formed the DER Cybersecurity Workgroup to assemble stakeholders and work through the technical, administrative, and regulatory challenges to advance the state of the art in Distributed Energy Resource (DER) cybersecurity. The public-private partnership has acted as a meeting place to discuss DER cybersecurity issues and establish recommendations for national and international DER cybersecurity standards. Over 1000 experts participate in the workgroup, representing DER vendors, utilities, regulators, national laboratories, and third parties. Early in the workgroup activities, Sandia published a roadmap and primer on DER cybersecurity to establish a common nomenclature and summarize DER cybersecurity concepts and standards.


SunSpec Alliance Website

Roadmap for Photovoltaic Cyber Security

Cyber Security Primer for DER Vendors Aggregators and Grid Operators

More about Renewable Energy and Distributed Systems Integration (RDSI) research at Sandia

For more than a decade, Sandia’s Emulytics™ program has continued to develop a suite of emulation, modeling, and analysis tools for exercises and training that include forensics, predictive simulation, and real-time dynamic defense. Emulytics provides a safe environment in which a broad array of parameters and technologies can be evaluated with an appropriate level of fidelity, without impacts to critical operations. Sandia researchers combine emulated, simulated, and physical test bed environments as appropriate to achieve the required level of fidelity.

The laboratories’ grid modernization cybersecurity work includes:

  • grid control monitoring using advanced analytics for asymmetric cyber defense
  • risk management and consequence analysis focused on interdependencies between multiple critical infrastructures
  • situational awareness across multiple domains simultaneously
  • cyber agility through Emulytics™
  • supply chain integrity
  • protocol and firmware reverse engineering
  • vulnerability assessment and red teaming

More than 300 Information Design Assurance Red Team projects have been and are being executed across a wide range of targets, from individual embedded systems to global enterprise systems. Sandia has conducted initial assessments of Advanced Concept Technology Demonstrations for military prototypes and assessments for the Defense Advanced Research Projects Agency. This work has been conducted through many years and across diverse sponsors including the energy, finance, manufacturing, and information technology sectors. Federal sponsors have included the Departments of Energy, Defense, Interior, Homeland Security, and State.

Sandia’s Supervisory Control and Data Acquisition (SCADA) Controls Lab allows for simulating and monitoring virtual cyber attacks on the grid.


To ensure the effectiveness and success of cybersecurity research in an environment where utilities rely on commercial integration of security, Sandia partners with commercial entities and most other Department of Energy national laboratories to both inform and execute research and development. Learn more about partnering with Sandia.

Lon Dawson

(505) 844-5220