Improved energy efficiency and resiliency is a key goal of the Department of Defense (DOD) facilities throughout the country. Distributed energy resources (DERs) and microgrid technologies can address this need by diversifying energy supply and operational requirements, as well as reducing interconnected infrastructure dependencies. However, these devices can expose deployment locations to new cyber threat pathways. Additionally, whenever new devices are installed into the Industrial Control Systems (ICS) at DOD facilities, they are inventoried and evaluated as part of the DOD Risk Management Framework (RMF), which can be a time-consuming and onerous process. This demonstration project, CINDER, will address these issues by streamlining ICS analysis in the RMF specific to DER management systems for the energy managers and civil works leaders for DOD facilities, enabling faster authorization and full integration. It will also allow for the automation of accurate asset inventories at secure locations for Operational Technologies (OT), and provide rapid assessment of assets on the communication network, the baseline setting, and design of appropriate controls.

Technology Description

CINDER combines two technologies—active communications scanning (NeMS) and co-simulation (HELICS). NeMS, is a LLNL-developed, software-based network characterization and discovery tool, which combines intelligent network probes, passive traffic analysis, and host discovery to construct a visual representation of the communications network, based on observed behavior. The research team will use NeMs to identify currently connected devices and corresponding device and system communication paths on the DER and energy management network, and characterize the ongoing traffic. The HELICS tool is a power and communications modeling tool which performs synchronized co-simulation of multiple scenarios within the physical power flow (GridLAB-D) and communication model (ns-3) of the demonstration site.


CINDER will improve upon state of the art in this field by allowing risk to both the power and communications network to be evaluated in tandem, along with true validation and baseline setting with active network scanning. The development of digital twins will enable an iterative process to be performed as new components are added to the base power system – decreasing the time to Authority to Operate (ATO) significantly. Technical and economic performance is quantified in terms of improved time to ATO for DER technologies with these technologies, with a simple payback calculated at 11 months based on improvement in time to ATO of 50% for microgrids. Other qualitative benefits are:

  • Rapid evaluation of cyber-secure microgrid deployment strategies within the RMF for critical facilities is provided through an expert team
  • Proactive, streamlined, accurate, actionable, and defensible strategies for cyber secure DER integration provided by the tools
  • Communications and Electrical Network integration risk for new microgrid technologies that can be proactively evaluated in a timely cost-effective way
  • Utilization of open source and Department of Energy (DOE)-developed tools for rapid demonstration with minimal development cost. Future costs include user time rather than tool licensing.