For an industry historically slow to
change, the ongoing transformation of the power grid is remarkable. However,
with this transformation comes a dramatic increase in the risks of the grid
being hacked and disabled.Securing the modern "smart grid" requires new networking technology and services designed to cost-effectively secure communications to assets ranging from utility-scale generating units to residential scale batteries and inverters. This is particularly true for Distributed Energy Resources or "DERs."The benefits of this transformation
are substantial, as they offer the potential to:
Improve the environment and ultimately lower costs by shifting to renewable resources.
Improve grid reliability and efficiency by decentralizing power generation and storage, and increasing overall infrastructure utilization.
Offer consumers additional value-added services, such as visibility into and control over their energy consumption, through the deployment of digital technologies.
A Rapidly Growing Population of Distributed and Connected DevicesAs costs fall and business models are refined, the number of interconnected devices grows exponentially. The U.S. already boasts over two million rooftop solar installations. By 2024 consulting firm Wood Mackenzie projects one residential installation every minute.Solar arrays, batteries, electric
vehicle chargers, thermostats, and other smart devices increasingly populate
the grid, and as costs continue to fall their growth will accelerate. Estimates
suggest that the number of distributed assets may soon exceed ten million in a
single utility service territory soon. In Hawaii, for example, local utility HECO expects 50 percent of its future energy resource to be supplied and controlled at the grid edge, overseen and orchestrated by the utility. This grid-scale DER system will provide a time-shifting service for the solar-generated electricity and manage power quality.Since DERs have a significant
dependency on digital communication and control the cybersecurity ramifications
of this dynamic are clear. Each asset
added to a control network represents a new security attack surface, a
potential point of entry to attack the power grid or manipulate the device
itself. Furthermore, since the cost of
connecting and securing each asset must be commensurate with its value, the
vast majority of DER assets will be connected using the (vulnerable) public
Internet. Today's digitally-enabled DERs are
deployed across the distribution grid, typically close to the load (demand) and
usually "behind the meter." Owned by consumers and parties other than
the utilities, these assets can be deployed individually or in aggregated mode
to provide value to the grid, individual customers, or both.Although these DERs have historically
not participated in the management and operations of the bulk energy system,
they are now reaching sufficient scale such that they need to be monitored, and
in some cases controlled, to ensure the stability of the grid at large.These Devices Must Be SecuredThe electric grid is not the only
thing that is evolving: Nation-states with sophisticated tools and significant
resources have increasingly become a potentially dangerous new adversary. They are continually developing new tactics
and procedures so that the strategies and technologies that secured the grid
just a few years ago are no longer adequate.Security risks include unauthorized
access to DER controllers and smart inverters, penetration through the facility
network, unauthorized access to smart meters, unauthorized changes in settings,
and owners who fail to secure their devices adequately.Network protocols also need to be
analyzed for potential vulnerabilities. For example, when distributed energy
sources are connected to a utility network, adversaries can "tunnel
in" through network pathways when they are not secured, sending malicious
commands to DER controllers or smart meters.
Another risk is that a DER may be interconnected with building
automation networks and other IT networks, further increasing their attack
surface.Attacks against these centralized
systems can impact a critical mass of DER systems across multiple distribution
grids. The greater the number of DER attached to smart grids, the more serious
the impact of attacks, including injecting excessive power or intentionally
manipulating voltage which can destabilize the entire system. Without adequate protection and control of
the communications network edge, the security of these network connections is
extremely vulnerable. Poor Security Must Not Compromise the Benefits of the Smart GridDriven by the availability of
attractive sustainable and distributed energy solutions, DERs will continue to
propagate an increasing number of devices operating at consumer and utility
locations. Since smart DER devices already vastly outnumber the utility owned
and controlled resources, the time to think through how to leverage virtual
networks and management systems to avoid a catastrophic security breach is now.Attack-resilient, secure virtual IP networks can be designed and rolled out, which will enable utilities to ensure a more secure overall grid. Advanced virtual networking software that offers the highest level of security is available today and can be integrated directly into DER assets, enabling them to "plug-n-play" into ultra-resilient virtual cloud networks. Leveraging the processing and memory of these devices and the public Internet is essential to lowering costs.Engineered thoughtfully, DER systems
and the traditional power grid are complementary technologies. Coupled with secure transmission networks and
applications that ensure endpoints are not vulnerable, these developments will
only further the growth of more sustainable smart grid, micro-grid, and
mixed-technology grid innovation.The benefits of a more decentralized energy paradigm are vast; increasingly smart DER systems will continue to have a positive impact on the environment and the economics of power generation and consumption. The traditional power grid is undergoing a massive change through renewable integration, microgrids, demand response, AMI, and DER, evolving from a utility-centric architecture and model to a distributed smart grid. How we secure smart grids must change to ensure cyberattacks do not diminish the benefits of sustainable energy.
Healthcare entities have been subjected to intrusions involving the novel Mimic ransomware variant dubbed "ELENOR-corp" that features advanced data theft and anti-analysis capabilities, according to Infosecurity Magazine.
Significant strides made by the U.S. in combating international cybersecurity threats and forging digital collaborations with other nations were noted by cybersecurity experts and former officials to potentially be endangered by the Trump administration's plan to transfer the Bureau of Cyberspace and Digital Policy to another department and establish a new cyber threat-focused bureau as part of a State Department overhaul, reports Cybersecurity Dive.
