The twin threats of distributed energy resources and cyberwarfare threaten electric grid stability.
Key takeaways from this article include the following:
- Nation-state campaigns are ramping up against grid operators and contractors.
- The explosive growth of renewable energy is causing growing pains for grid operators.
- Resilience has long been a priority for electric utilities, but the threats to the grid are unparalleled.
The stakes are high for electric utilities. The U.S. Department of Energy has warned that Russia and China have advanced cyber-programs that pose a risk to the bulk power systems that provide electricity to most of the nation. Ukraine has already suffered two wide-scale power outages — in 2015 and 2017 — believed to be the handiwork of Russian cybercriminals.
In addition to cybersecurity risks, much of the domestic utility landscape finds itself in flux, wrestling with aging infrastructure on the one hand and an influx of distributed energy resources on the other. The problem is most acute in California and Australia, where electric system malfunctions have sparked massive wildfires. But even nations such as Germany that have invested heavily in grid modernization and green energy have struggled to achieve electric grid stability.
[For all our IoT World coverage, read our IoT World 2020 conference guide.]
While upgrading the grid can improve utilities’ ability to predict demand and compensate for fluctuations stemming from distributed energy resources, connected technologies also magnify cybersecurity risks. To tame the chaos, utilities need an integrated approach that reduces risk in the physical and cyberdomains.
Building a Grid That Can Withstand Physical and Digital Chaos
While cybersecurity is a central concern for grid operators, renewable energy is a competing priority. Nearly half (46%) of grid operators reported that renewable energy was a central concern, according to the 2020 State of Electric Utility survey. Rounding out the top three priorities were distributed energy resources and grid reliability, selected by 30% and 29% of respondents, respectively. Tied for fourth were security and aging grid infrastructure, at28%.
All of these priorities, however, are interrelated. Exponential increases in solar and wind power, for instance, can lead to reverse power flows that cause grid instability. That is, instead of electricity moving unidirectionally from power plants and substations to users, the energy flow often flows in the opposite direction, given the rise in wind power as well as rooftop solar power for commercial and residential real-estate properties. “We have about 70,000 solar panels installed every hour,” said Michael Enescu, a visiting associate professor at California Institute of Technology at IoT World. “Electric vehicles also cause tremendous stress on the grid,” he said.
Laying the foundation for electric grid stability will require significant investment and deliberation, Enescu acknowledged. It will also require integration. “All of these devices — wind turbines and solar panels — they become [internet protocol] endpoints on the network so we can collect the data in realtime,” he said.
As utilities modernize their grids, they should maintain endpoint visibility and segmentation while prioritizing threat detection and establishing an integrated security operations center, said Marc Blackmer, product manager, IoT at Cisco. Achieving those objectives can be difficult considering the wide equipment footprint. “If you look at distribution and transmission, for example, you’ve got substations in all these different places,” Blackmer said. The rise in renewable energy sources ranging from rooftops to wind farms underscores the need for a holistic approach for grid management. In many cases, utilities will have to determine what is “the best configuration for millions of devices to optimize power flow such that it minimizes cost while ensuring safety and reliability,” Enescu said. To support such functionality, Enescu recommended utilities deploy an IoT-enabled power grid with decentralized control.
Integrating a diverse set of equipment can prove challenging. Microgrids, for instance, can optimize grid stability, given their ability to operate independently from the grid. But microgrids’ connection to the power grid can provide new avenues for cyberattack. Complicating matters further is the fact that microgrids are typically not owned and operated by traditional grid operators.
Find Strength in Collaboration
The power and utilities industry has long prioritized partnerships to manage grid changes. “We are an industry that truly collaborates — whether that is intelligence sharing, working with our energy sector [Information Sharing and Analysis Center] or working with the government,” said Tom Wilson, chief information security officer at the Southern Company in a webinar.
Collaboration can help utilities address black swan event–related uncertainties and improve situational awareness regarding evolving cybersecurity threats. “Another thing we have done as an industry is collaborate on exceptions,” Wilson said. Given the unpredictability inherent in grid management, utilities are frequently forced to make exceptions to security processes. “When you work together as an industry, there is a strength in numbers when you can say, ‘All of my peers, even though all of their computers are remote, are going to patch over those networks,” Wilson said.
Cross-industry and government alliances were also a recommendation outlined by the congressionally mandated Cyberspace Solarium Commission. “There are roles that only the government can play,” Wilson said, citing diplomacy, trade and sanctions as relevant examples, given the nation-state dimension to power grid cybersecurity.
Commit to Long-Term Secure Remote Access
Before COVID-19, about 7% of the U.S. civilian workforce had access to a “flexible workplace” benefit, according to the 2019 National Compensation Survey (NCS) from the federal Bureau of Labor Statistics. The percentage of white-collar workers in the U.S. working remotely is now more than 90%, estimated Jason Haward-Grau, a leader in KPMG’s cybersecurity practice.
Remote work is not necessarily new for utilities. Southern Company has “spent years designing and building secure remote access for a variety of scenarios,” Wilson said. The Southern Company relied on remote access, for instance, during the so-called snow apocalypse that hit Atlanta in 2014 and the 2019 Super Bowl held in the city. “Getting to scale, being able to support a truly huge telework presence was already there,” Wilson said.
In many cases, line workers still must physically access equipment to make repairs. After a storm, for instance, Southern Company might send more than 1,000 workers to repair damaged power lines. “But for the corporate office buildings, we are not in a rush to get back to the office,” Wilson said. It is likely that “certain jobs become more [telework-based] than they ever have before,” he added.
Reevaluate Risk of In-Person and Digital Processes
Despite the shift to remote work, a significant portion of work on the electrical grid is still physical, whether it is repairing downed power lines or embedding sensors in substations or power plants. COVID-19–related restrictions have often complicated such work, Wilson said, especially for jobs that formerly required multiple workers to be present at a single site. Southern Company has reduced the size of crews, deploying individual workers for tasks when possible.
COVID-19 restrictions can pose a challenge for security tasks requiring physical equipment access. Electric utilities should have clear policies about which types of workers — including contractors and vendors — should be granted physical access to equipment.
Similarly, utilities with insider threat programs should adapt, Wilson said. Because many insider threat programs are based on physically observing workers to identify suspicious behavior, the shift to telework can be vexing. “You have to shift back to your electronic capabilities for observation because you don’t have that direct presence,” Wilson added.
While the threat of elite nation-state actors to sabotage domestic power grids warrants a robust response, frequently, the insider threat risk is underestimated, Blackmer said. “Somebody could accidentally enter a value into a process,” he said. “The risk is not always malicious. Somebody might have made a mistake.”
Due to climate change, wildfires are set to become an increasing problem
Millions of acres burn every year in wildfires across the United States, with the worst seasons on record occuring in the past two years. Climate change is blamed for making these fires increasingly worse year-on-year, making things tough for power grid engineers in an increasingly volatile climate reality.
The average wildfire season today is three and a half months longer than it was as recently as the 1980s. The number of annual large fires in the US has tripled — burning six times as many acres as in wildfire seasons only decades ago.
Wildfires are occuring where they were rarely seen before
Temperature averages in Siberia were nearly 10°C above normal for the first five months of 2020. Temperatures in the Russian Arctic region and Siberia continue to break records, thawing the tundra and contributing to an increase of hundreds in wildfires, most in areas inaccessible by firefighters. Siberian wildfires today are breaking out over nearly 3 million acres (1.2m hectares). The smoke cloud is unprecedented, extending over the United States and Canada.
How power lines contribute to wildfires
There is growing evidence that power lines themselves trigger wildfires.
High winds are a key contributing factor, vegetation contact, where high winds blow trees and branches onto power lines, sparking fires. In other cases, wind can snap wooden distribution line poles, causing live wires to fall onto nearby dry grass, setting it on fire.
California is particularly at risk because of drought conditions that have turned its forests into tinderboxes from August to November, when high winds are common. The Redwood Fire burned more than 36,000 acres, destroyed hundreds of homes and businesses, and lead to nine deaths.
Introducing OTELLO – real time notifications the moment problems arise
Developed in Cape Town, South Africa, OTELLO is an innovative grid management system developed to meet Africa’s steep energy challenges. It is a solution in two parts – a device installed across the network, and a software platform that visualises the data and provides real time notifications when network performance moves out of accepted safety thresholds.
Each OTELLO device is a linux-based edge computer, which process data locally as it enters the device, while simultaneously streaming it onwards a central data store. With a built-in GPS clock that is time synchronised to within ±100ns from absolute time, the full fleet of devices work together in perfect harmony, delivering the full picture of network performance.
OTELLO records and reports on a comprehensive set of RMS, phasor, harmonic, environmental & synchrophasor data, encompassing over 9,000 parameters.
OTELLO’s data visualisation platform reports and interprets the data for the end user. Available for all smart devices, OTELLO will notify the appropriate team members at the moment anomalies occur on the network. If storm clouds suddenly begin to form over the city and solar supply drops rapidly, OTELLO will send emergency push notifications and emails in real time to the people who matter.
Beyond emergency notifications, OTELLO’s unique capabilities can also:
- Provide interaction and control down to the mini-substation level, providing engineers and operators with unprecedented visibility and remote management of the entire enterprise.
- Predict, detect and prevent wildfires caused by high voltage power-lines.
- Provide detailed information and insights through an ongoing forensic record, enabling long-term decision making and informed capital investments.
Keen to know more?
OTELLO is set to change the way the power grid is managed. If you’d like to see more of what the system is capable of, speak to us.