Cybersecurity challenges integrating DERs
OpenCIP Concept White Paper
by Travis Rouillard
April was a busy month for those on the front lines of protecting the electric grid from cybersecurity threats. The US Commerce Department and the Department of Energy released a new “Cybersecurity Framework” as a guideline for utilities. Lawmakers in the US House introduced a variety of bills aimed at improving detection, deterrence, and response to cyberattacks on the electric grid. And the DOE announced a $25 million funding opportunity announcement (FOA) seeking cybersecurity R&D and pilot proposals.
All of this activity was initiated in response to evidence of increasing cybersecurity attacks by well-organized state-sponsored actors. These types of attacks are more sophisticated than those initiated by lone wolves, and use a variety of attack vectors including social engineering to gain access through contractors or sub-contractors that might be several degrees of separation removed from critical utility systems. Once inside, they have the resources to patiently work their way through the system to probe weaknesses across the enterprise.
At a client last week, we were discussing their integration of Distributed Energy Resources (DERs), and specifically their strategy for telemetry and control of those assets from their operations center. The challenge they faced was that their organization had adopted a very strict security perimeter policy against integrating anything that touched the internet with their OT (operational technology) systems. In the age of retailers and aggregators managing fleets of DERs and smart inverters over the cloud using IoT (internet of things) communications, this policy precluded almost everything. They are forced to implement their own expensive SCADA solution outside the point of interconnection for those large assets requiring visibility and basic connectivity control. But with that method, they lose all visibility into internal DER state variables like charge or power factor, and have no finer degrees of control.
Therein lies a growing challenge for utilities – trying to balance their need for increased situational awareness (and control) of DER behavior on the grid edge, while trying to minimize the risk of dramatically expanding the potential attack surface by opening up millions of potential holes in their operations infrastructure. Some utilities are punting on this issue by outsourcing the problem to DER retailers and aggregators and relying on them to communicate with DERs entirely outside the utility network. These entities generally fall into a FERC/NERC CIP loophole, as they are not responsible for grid reliability and their assets are individually small. But at what point does the size of their generation and load portfolios start becoming critical grid assets in aggregate? What rules and standards should they enforce to ensure security of their communications with their fleet?
Clearly, more thought, creativity, and R&D are necessary to resolve this deadlock. More DERs and smart appliances are coming. More advanced cybersecurity threats are coming. Neither can be ignored, and it's impractical to think a web of billions of interconnected DERs and smart appliances on a highly distributed grid can ever be effectively secured from end to end to the utility control center.
Utilities will need to get past their instinctive mistrust of ‘the cloud’ and learn how to safely operate the grid across an inherently unsafe web of devices and communication channels. The industry needs a new approach to gathering, filtering, and verifying data from untrusted sources. And it needs a new approach for issuing trusted control instructions that can be easily validated as genuine by distributed assets without requiring hard-wired connections to the operations center.
Travis Rouillard – GridBright CTO