ModuleOT: A Hardware Security Module for Operational Technology: Preprint

With increasing penetration levels of distributed energy resources (DERs) on the distribution grid, as well as new technological advancements in the cyber space, new cyberattack vectors are being introduced, and the available attack surface is constantly increasing. Despite this increasing risk, the standard IEEE 1547-2018 does not yet recommend cybersecurity measures for DERs. To address this and to better protect data on the distribution grid - from the standpoints information security as well as operational security - ModuleOT has been developed. The module aims to significantly reduce cyberattack vectors by improving data privacy for user applications. This is accomplished by performing the core functions of encryption, authentication, authorization, certificate management, and user access control. The module integrates a custom security application with hardware cryptographic acceleration. The application secures all communications using Transmission Control Protocol over Internet Protocol (TCP/IP). These include the three most commonly used communications protocols for power systems information exchange: Modbus, Distributed Network Protocol 3 (DNP3), and Smart Energy Profile 2.0 (SEP2.0). These three protocols are also supported by IEEE 1547-2018 for all DER devices. This paper tests the data encryption/decryption feature on a physical networking test bed with emulated Modbus devices reporting grid data and presents the results.