Cybersecurity Is Your Problem, Make It a Priority

Back to Top

lock

The biggest transformation within the electrical distribution system in recent years is the integration of renewable energy sources such as solar and wind. We’re also seeing the rise of other distributed energy resources (DERs), such as battery energy storage systems, natural gas generators, and combined heat and power systems, being installed and integrated onto utilities’ electrical distribution systems. And when those systems get integrated, several discussions occur on the features and functions of what the system is going to do, how it’s going to act, how fast it will act, etc.

The last question usually thrown in at the end of those conversations is: Oh yeah, by the way, is there a cybersecurity plan? As cyberattacks and cyberthreats continue to rise, cybersecurity should no longer be relegated to an afterthought. In fact, it should be at the forefront of the conversation.

What makes cybersecurity tricky is that it can be hard to define. When looking specifically at integrating DERs that form microgrids onto the utility grid, part of making those secure is having what would I like to refer to as a multilayered contingency plan consisting of three parts.

The first component is resilient equipment. This is everything from the communication infrastructure to the actual hardware. The second component is distributed design. This means if something was to happen to one part of the system, the entire system wouldn’t go out. Lastly, the final component is having intelligent controls, which are devices that are a little bit smarter than just a box that follows if and then statements.

Why does all of this really matter? These different devices are talking to each other, and a microgrid control system is another system within the overall system. When you have systems within systems, it really creates a need to make sure you have cybersecure controls. Unfortunately, I’ve seen systems where overly complex security protocols are added after the microgrid has been built. This results in making a fragile security system that leaves not just the microgrid but the entire utility system vulnerable to be exploited through a cyber-intrusion.

Protecting yourself from an intrusion means considering facilities and installations that can withstand a variety of contingency scenarios that include hardware, such as a firewall designed to protect assets. However, as cyberthreats continue to grow in sophistication, we know protecting the castle with a moat is not enough. As such, security experts must consider what happens when intruders make it past the gates.
This is where a multi-layered, in-depth approach to defense comes into play. This involves skillfully combining a variety of security tools to build a comprehensive security paradigm that includes things like intrusion detection, communication encryption, and hardening of end devices.

Whether you’re building a microgrid or running a start-up, make sure you bring your cybersecurity leader to the table during the first conversation. Your customers depend on it.

I’d be interested in learning your thoughts on cybersecurity preparation in the Comments section below.

Expert

Erik Svanholm

Publication Date

July 29, 2019