Edge deployment hardware for griDNA is compact.
As distributed energy resources proliferate across the electric grid, the cyber-attack surface for cyber threats expands, and those digital intrusions can trigger consequences in the real world. Legacy monitoring tools still operate in silos, with one platform watching network traffic and another tracking voltage and frequency, leaving utilities blind to events that straddle both domains. Enter Sandia National Laboratories’ griDNA, which is a multi‑level, edge‑deployable AI for cyber‑physical situational awareness on the electric grid and a 2025 R&D 100 Finalist in the IT/Electrical category.
Bridging cybersecurity and grid physics
In essence, the project aims to bridge the gap between cybersecurity analysts and grid operators by fusing operational network data with physics‑based power measurements to flag anomalies before they cascade across transmission, distribution and the grid edge. “At a high level, griDNA breaks down silos between cyber defenders and system operators on the power grid. We focus on combined cyber‑physical events; cases where you need action on both the network side and the power‑system side,” said project lead Shamina Hossain‑McKenzie, principal member of technical staff in Sandia’s Cyber Resilience R&D department.
She contrasts griDNA with legacy tools: “Most tools look only at network telemetry (IT and operational technology systems) or only at physics data. We fuse both streams and use autoencoder neural networks to detect whether an event is cyber, physical or cyber‑physical, and then inform next steps.”
Sandia’s website cites the technology at Technology Readiness Level 8, which coincides with actual system completion and field qualification
The lineage traces back to Sandia’s PIDMS (Proactive Intrusion Detection and Mitigation System), which won an R&D 100 Award in 2022. “PIDMS collected cyber and physical data but analyzed them separately and then correlated the results. griDNA’s step forward is to process cyber and physical data together, in one model, enabling faster detection of linked cyber‑physical events,” Hossain‑McKenzie said.
The threat landscape, she notes, is evolving rapidly. “The grid is becoming more cyber‑physical: more smart devices, new comms interfaces, adaptive control (including AI),” Hossain‑McKenzie said. “That improves efficiency but widens the vulnerability landscape. Now cyber attacks can propagate to the physical system, where consequences can be severe. Many solutions still look only at cyber data; we bring power‑system physics directly into the analysis.”
Team, partners and a field testbed
Sandia cybersecurity expert Adrian Chavez (left) and computer scientist Logan Blakely integrate a single-board computer running griDNA’s neural-network AI at PNM’s Prosperity solar farm test site. The edge-deployable system fuses network traffic and power measurements to detect cyber-physical anomalies. (Photo by Bret Latter)
A cross-domain approach helped bring the project to life. “We’re an interdisciplinary team at Sandia: computer scientists/AI researchers working with power‑system engineers,” she says. Collaborators include Adrian Chavez, Logan Blakely, George Fragkos, Jess Robinson and Taylor Collins. External partners include Texas A&M University (“Prof. Katherine ‘Kate’ Davis”), the Public Service Company of New Mexico (PNM) and Sierra Nevada Corporation (SNC), as Sandia National Laboratories notes.
That cross-disciplinary perspective now shapes a team built to straddle both worlds: ML researchers tuned to anomaly detection working side-by-side with controls and protection engineers who know what “normal” looks like on a live feeder. “We’re an interdisciplinary team at Sandia: computer scientists/AI researchers working with power‑system engineers,” she says, noting collaborators Adrian Chavez, Logan Blakely, George Fragkos, Jess Robinson and Taylor Collins. External partners include Texas A&M University (“Prof. Katherine ‘Kate’ Davis”), the Public Service Company of New Mexico (PNM) and Sierra Nevada Corporation (SNC), as the Sandia National Laboratories notes.
Those partnerships enabled a CRADA deployment at PNM’s Prosperity solar farm after emulation and hardware-in-the-loop testing. “PNM partnered with us through a CRADA for field testing: how griDNA installs, collects data and performs against scenarios in a live system,” she says. Sandia’s Lab News confirms the Prosperity deployment and details the staged test campaign.
