Burns & McDonnell is creating a microgrid to provide the Army Depot in Tooele with power during a grid outage. The cybersecurity team is securing the supervisory control and data acquision (SCADA) and communications systems that are part of the microgrid network and creating the risk management framework package so the microgrid will have an Authority to Operate (ATO). As part of the effort, the Burns & McDonnell team is working closely with Schweitzer Electric to harden the SCADA systems that are part of the microgrid network.
Our staff is leading a team through securing the network and systems, creating the certification and accreditation package, and loading and tracking the package in the Enterprise Mission Assurance Security System (eMASS).
Burns & McDonnell is the engineer of record for the design-build project to create a microgrid at Tooele Army Depot. The microgrid incorporate existing generation sources at the depot: a Stirling engine-based solar array, two wind turbines and a diesel generator. The renewable resources have the capacity to power the 24,000-acre Installation, so the diesel generator will make up for periods of low renewable power generation should a grid outage occur. In order to integrate the generation sources and control power distribution, Burns & McDonnell will create a network using COTS Schweitzer Engineering Laboratories (SEL) microprocessor-based relays, communications switches and firewalls.
The cybersecurity team is designing the SEL network and will install and harden the microgrid network devices following the RMF certification and accreditation process. While most microgrid networks have been created with Cisco switches and firewalls, the Tooele microgrid network will be one of the first based fully on traditional SCADA systems.
Since March 2014, all new certification and accreditation packages must follow the risk management factor (RMF) process instead of the older Department of Defense (DOD) Information Assurance Certification and Accreditation Process (DIACAP). The cybersecurity team will follow the RMF process and National Institute of Standards and Technology (NIST) guidelines for hardening the network components and developing the certification and accreditation package. Additionally, the RMF package will be loaded into eMASS and follow its workflow for an RMF ATO.
