Zero-Trust: Preventing Grid Cyber Attacks
Iowa State University and Central Iowa Power Cooperative are collaborating to develop a zero-trust architecture to strengthen grid cybersecurity.
The increasing complexity of power grids has introduced new cybersecurity challenges as energy infrastructure shifts from centralized generation to distributed networks. Modern grids integrate diverse energy sources, including wind and solar, while relying on digital control systems to manage real-time power distribution. This reliance on interconnected networks has expanded the attack surface and makes grid operations vulnerable to cyber threats that can disrupt the electricity supply and compromise infrastructure.
Iowa State University and the Central Iowa Power Cooperative (CIPCO) are collaborating on a cybersecurity initiative to protect the U.S. power grid using zero-trust architecture (ZTA). Let’s learn more about the project and its implications.
Zero-trust architecture can protect grids with renewable energy sources from cyber attacks. Adapted from images used courtesy of Canva
Research on Zero-Trust Architecture
Iowa State’s $500,000 project, funded by the U.S. Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response, aims to strengthen the security of operational networks by requiring continuous authentication and validation for all network communications. Zero-trust principles demand that every command or data exchange undergo verification before granting access to infrastructure components, such as substations, generating plants, and control systems.
Energy generation in the CIPCO network. Image used courtesy of CIPCO
As distributed energy resources become the norm, the number of network entry points has expanded and increased the risk of cyberattacks. This project addresses those vulnerabilities by developing a security framework capable of monitoring communication protocols and network traffic for anomalies. The researchers are building a testbed with Arizona State University to simulate real-world cyber threats and validate defense mechanisms. Drawing from past attacks on Ukraine’s power grid, the team will assess the effectiveness of countermeasures under controlled conditions.
The software under development is expected to match the speed and reliability of existing grid control systems while adding a further layer of security. The ultimate goal is to deliver a solution that meets infrastructure performance requirements without introducing latency or operational inefficiencies. Some components of the system may be patented and commercialized, while others could be released as open-source solutions. By 2027, the project aims to provide utilities with a validated security architecture to mitigate evolving cyber threats and ensure uninterrupted power delivery.
What Are Zero-Trust Architectures?
Zero-trust architecture is a cybersecurity framework designed to eliminate implicit trust within a network by requiring continuous authentication, authorization, and validation for all users, devices, and applications attempting to access resources. Where traditional perimeter-based security models assume internal traffic is inherently safe, ZTA operates on the principle that every access request must be verified, regardless of origin.
Core zero trust logical components. Image used courtesy of NIST
A zero-trust system relies on several core mechanisms:
- Identity and access management enforces user authentication through multi-factor authentication and role-based access controls.
- Micro-segmentation divides the network into smaller, isolated segments so that a breach in one segment is contained rather than spreading across the network.
- Least privilege access ensures users and devices receive only the minimum permissions necessary for their function.
- Continuous monitoring and analytics use AI to identify and respond to suspicious activity.
- Software-defined perimeters dynamically control access to resources based on contextual policies, limiting exposure to sensitive infrastructure.
In a power grid environment, ZTA excels at mitigating advanced persistent threats and supply chain attacks. Traditional perimeter defenses, such as firewalls and virtual private networks, fail to secure distributed energy networks, where remote access, third-party vendors, and edge devices introduce numerous potential attack vectors. By enforcing device authentication at every interaction, ZTA prevents unauthorized access.
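The following is an added example, not code from the Iowa State/CIPCO project, showing how the mechanisms above combine into a single per-command check on a grid control network: each command is authenticated with a per-device key, rejected if stale, allowed only when the device's role is permitted that command toward the target segment, and logged either way for monitoring. The device registry, roles, segments, keys and freshness window are constructed values.

```python
import hashlib
import hmac
import json
import time

# Constructed device registry: per-device secret, role and home micro-segment.
# Nothing in it is trusted until the request proves its identity.
DEVICES = {
    "hmi-01":   {"key": b"hmi-01-secret",   "role": "operator", "segment": "control"},
    "ied-sub7": {"key": b"ied-sub7-secret", "role": "relay",    "segment": "substation-7"},
}
# Least privilege plus micro-segmentation: each role gets only the commands it
# needs, and only toward the segments it is allowed to reach.
POLICY = {
    "operator": {"read_status": {"substation-7", "plant-a"}, "open_breaker": {"substation-7"}},
    "relay":    {"read_status": {"substation-7"}},
}
FRESHNESS_S = 30   # constructed window; older or replayed commands are refused
AUDIT = []         # every decision is recorded for continuous monitoring

def canonical(msg):
    # Stable byte encoding of the fields covered by the signature.
    body = {k: msg.get(k) for k in ("device", "target", "command", "ts")}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign_command(device_id, target, command, ts, key):
    # Device side: authenticate the command with its own key (HMAC-SHA256).
    msg = {"device": device_id, "target": target, "command": command, "ts": ts}
    msg["sig"] = hmac.new(key, canonical(msg), hashlib.sha256).hexdigest()
    return msg

def _decide(msg, ok, reason):
    AUDIT.append({"device": msg.get("device"), "command": msg.get("command"),
                  "ok": ok, "reason": reason})
    return ok, reason

def authorize(msg, now=None):
    """Policy enforcement point: deny by default, verify every request."""
    now = time.time() if now is None else now
    dev = DEVICES.get(msg.get("device"))
    if dev is None:                                  # identity: unknown device
        return _decide(msg, False, "unknown device")
    expected = hmac.new(dev["key"], canonical(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("sig", "")):
        return _decide(msg, False, "bad signature")  # authentication failed
    if abs(now - msg["ts"]) > FRESHNESS_S:
        return _decide(msg, False, "stale timestamp")
    targets = POLICY.get(dev["role"], {}).get(msg["command"])
    if targets is None:                              # least privilege
        return _decide(msg, False, "command not permitted for role")
    if msg["target"] not in targets:                 # micro-segmentation
        return _decide(msg, False, "target segment not reachable for role")
    return _decide(msg, True, "ok")
```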
Strengthening Grid Security
As power grids become more decentralized and reliant on digital infrastructure, cybersecurity has to match this complexity. The Iowa State and CIPCO project aligns with industry-wide efforts to secure energy distribution systems against increasingly sophisticated cyberattacks. As the research progresses, the team hopes that software components may become available for commercial deployment or open-source adoption by utilities.