November 28, 2024
Report

Large-Scale Hydrogen Storage Cyber Risk Assessment - CRADA 554

Abstract

Hydrogen storage systems may become more widely deployed throughout the country, and so it is possible that individual and interconnected systems will be exposed to cyber-attacks. These events can cause physical and financial harm to employees, people in the vicinity of the facility, and the company that owns the facility. The two main ways bad actors may access information or control from a hydrogen storage facility are through information technology and operations technology devices, the former of which refers to data and information from networked devices and the latter of which refers to onsite controls for the physical system. Both types of entryways into the system should be considered when companies conduct cyber risk assessments and when regulators develop or revise relevant codes and standards. This report analyzes cybersecurity risks associated with a generic hydrogen storage system by outlining the system's purpose and the importance of its cybersecurity. The hydrogen storage system architecture and communication protocols are provided to understand potential cyber vulnerabilities. Later, an event tree analysis is performed on hydrogen operation to identify system weaknesses by outlining potential attack scenarios. This report also identifies critical cyber assets related to different hydrogen operations followed by an examination of potential threats, and the impact of cyber assets on those operational assets

Published: November 28, 2024

Citation

Touhiduzzaman M., M. Louie, A. Veeramany, and B. Ehrhart. 2024. Large-Scale Hydrogen Storage Cyber Risk Assessment - CRADA 554 Richland, WA: Pacific Northwest National Laboratory.