DESC0023743

C56-01a-272210The DOE has expressed concerns that a cybersecurity attack could destabilize the electric grid. Attacks against the power grid by nation states or other bad actors (malware or ransomware) are a real threat and with the growth of Distributed Energy Resources (DER) and their connection to the electric grid the balance between security and reliability of the power grid must be maintained. Dover is proposing an innovative integrated processor level hardware security architecture and design for processing hardware and controllers to improve cyber- attack defenses, attack detection, and provide cyber resilience to DERs and the electrical grid. Dover will investigate how to create a CoreGuard V2 (CGV2) based security architecture on Xilinx MPSoC devices commonly used in controller hardware. Considerations for boot, and run-time/real-time protection for DER inverter control software, other internal system processing (security and system processing) as well as the software that allows the power control system to provide and receive data from external wireless and wireline (internet) connections. Dover is currently integrating CGV2 on a Xilinx FPGA protecting software executing on a RISC-V processor instantiated in the FPGA programmable logic (PL). In Phase 1 Dover is to develop and define potential architectural and design approaches where its CoreGuard version 2 (CGV2) Architecture is integrated with a commercial Xilinx Multi-Processor System on a Chip (MPSoC). The architecture will include use of native MPSoC device security features, additional system controller and security software executing on the ARM A53 processors commonly used in the distributed controllers in energy systems. CoreGuard integration into the MPSoC programmable logic will detect changes to the software elements executing on the processors, unallowed data accesses, and provide mechanisms to recover from attacks that alter software and/or data. At the end of Phase 1 Dover will demonstrate CGV2 protecting a RISC-V processor on a Xilinx Kintex 7 FPGA (this an ongoing internal development effort). Dover Microsystems has CGV2 hardware-based security IP and extensive embedded controller/processor security architecture and design expertise. Phase II will implement and test the MPSoC architectural approach defined in phase I. At the end of phase II Dover will have a commercially available IP suite for CGV2 that can operate in commercial FPGAs (AMD-Xilinx), MPSoCs (AMD-Xilinx and Microchip-MicroSemi). Beyond phase I and II, Dover’s goals include commercialization of the CGV2 FPGA and MPSoC products. Additionally, based on this proposed MPSoC integration, Dover will pursue integration into commercial RISC Integrated Circuit controllers and processors at the silicon level. This would include companies like Xilinx, MicroChip, NXP, Qualcomm, and Cypress. Feedback from some of these processor companies on the CGV1 IP size and power was Dover’s catalyst to create the much smaller/low power CGV2 product. From a DOE perspective these companies provide FPGAs, MPSoCs and processors to suppliers of controller systems including Schneider Electric, Rockwell, Siemens, Honeywell, General Electric, Pheonix Contact and Emerson.