
CEO Kalkitech / ASE

Prasanth Gopalakrishnan is the founder and CEO of Kalkitech. He founded Kalkitech in May 1998 with a vision to make it a technology leader in the field of energy optimization and communication...

  • Aug 27, 2019 12:32 pm GMT

This item is part of the Special Issue - 2019-09 - Distributed Energy Resources.

Our way of life has never been better, with innovations in almost all spheres of life making it much easier for people to shop, work and entertain themselves. Innovation in the decentralized electrical grid, renewable generation and electric transportation provides one of the strongest opportunities for meeting carbon goals to reduce global warming. Innovation provides the only real hope of saving our planet or transporting the human race into a future outside the Earth.

While innovation is good and exciting, most advancements in technology also open up potential doors for bad actors to compromise our systems and way of life. Distributed Energy Resources and electrical distribution systems are no exception. To achieve reliability and resiliency with Solar Rooftop, Battery Storage, Electric Vehicles and Electric Vehicle Charging Infrastructure spread within the distribution grid, it is imperative that these systems are not only intelligent, but also have bi-directional communication with the control systems or cloud and interact with other devices in the grid.

There are many standardization and regulatory efforts to secure utility systems from bad actors; however, the growth and geographic spread of DER and their growing impact as a percentage of actual generation is creating a situation where reliance on protocol standards or private protected networks is a solution. Regulators have understood this, and California is leading in this area with its Rule 21 regulations and by supporting adoption of IEEE 2030.5 and IEEE 1547. Considering that in the not so distant future the amount of DER distributed in the grid and monitored and controlled over the Internet will be far more than conventional generation regulated by NERC / CIP requirements, we need secure, scalable and low cost solutions right now.

Securing DER deployments and potential risk to the Distribution Grid requires addressing the following actors in the ecosystem:

  • DER / EV Devices
  • Data Networks / Cloud Services
  • Utility or Aggregator Head ends

To achieve the goal of securing the DERs, we need to ensure that the following are taken care of in addition to addressing protocol level security:

1. DER Devices

  • The DER devices should support an X.509 certificate that identifies and authenticates the manufacturer of the device.
  • The DER devices should support an X.509 certificate and trust chain provided by a Certificate Authority, which is validated before any server accepts connections from the device.
  • The DER devices should be pre-registered with the server before they are allowed to connect.
  • All communication to the Server / Aggregator shall be over TLS 1.3.
  • Fine grained access control and attributes shall be defined in the X.509 certificates to ensure no single user has full access.
  • The DER regulations should rely less on centralized control based behavior and more on adaptive local behavior to avoid cascading attacks.
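As an added illustration (not code from the article or from any vendor), the sketch below shows how a head end could enforce three of the device requirements above: TLS 1.3 only, a mandatory client certificate, and pre-registration before a device is served. The registry layout, the action names and the sample certificate bytes are assumptions made for the example; the article places access attributes in the X.509 certificate itself, whereas this sketch keeps them in the registry for brevity.

```python
import hashlib
import ssl


def build_headend_context(ca_file=None, cert_file=None, key_file=None):
    """Server-side TLS context: TLS 1.3 only, device certificate mandatory."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3   # refuse TLS 1.2 and older
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA trust chain for device certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # the head end's own identity
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as hex."""
    return hashlib.sha256(der_cert).hexdigest()


def admit(der_cert: bytes, requested_action: str, registry: dict) -> bool:
    """Serve only pre-registered devices, and only for actions granted to them.

    In a live handler, der_cert comes from conn.getpeercert(binary_form=True)
    after the TLS handshake has already validated the chain.
    """
    entry = registry.get(fingerprint(der_cert))
    if entry is None:
        return False                               # valid chain, but never registered
    return requested_action in entry["allowed_actions"]


# Constructed sample data: stand-in bytes for a DER certificate and a
# hypothetical registry entry with hypothetical action names.
SAMPLE_CERT = b"constructed-stand-in-for-der-certificate-bytes"
REGISTRY = {
    fingerprint(SAMPLE_CERT): {
        "device_id": "inverter-0001",
        "allowed_actions": {"report_telemetry"},
    }
}
```

A certificate that chains to a trusted CA is therefore necessary but not sufficient: the device must also appear in the registry, and each request is checked against the actions granted to that device.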

2. Data Networks / Cloud

  • The Data network shall support TLS 1.3 and all communication shall be encrypted over a TLS 1.3 pipe.
  • The Cloud / SaaS Application shall keep all critical data encrypted for storage
  • Data transferred over the Cloud / Data network to the Utility Systems shall be over a TLS 1.3 pipe
  • Fine grained access control for users to be defined and implemented.

3. Utility or Aggregator Head Ends

  • The Utility or Aggregator head ends should ideally not be tightly coupled with the SCADA / DMS system.
  • The data from DER to the Utility or Aggregator system should terminate on a DER Application Server / Head End and not on the SCADA / DMS system.
  • The DER Application Server / Head End should have a one way interface to the SCADA / DMS for operator information. It should not be a two way command / control interface.
  • They should follow the same level of security on all interfaces as for the devices and network.

IAM and SyncConnect EdgeIoT is one of the solutions out there that provides the DER industry the ability to protect and secure DER systems and the distribution grid. It offers support for protocol level security, TLS 1.2 and 1.3, HTTPS and WebSocket with X.509 certificates, support for Trusted Platform Module (TPM), and a separation layer for data and control between the SCADA / DMS and the Aggregation / Cloud layer, avoiding the man-in-the-middle problem.

Addressing the above three broad areas will address holes and back doors to a great extent to avoid a black swan event. It would also help to address how the DER devices are themselves resilient to cascading events. Just as CSMA-CD helped the adoption and expansion of Ethernet, a similar philosophical approach that lets DER devices counter black swan events and island themselves would not only address large scale attacks, but also allow us to transform our existing integrated grid into a federated set of small microgrids that by their inherent design are more secure than a tightly interconnected grid.

Bob Meinetz on Aug 27, 2019

"Innovation in the decentralized electrical grid, renewable generation and electric transportation provide one of the strongest opportunities for meeting Carbon goals to reduce global warming."

Prasanth, decentralization has never proven effective at reducing carbon emissions or the price of electricity. Economies of scale explain why.

What evidence do you have it might be possible to rewrite this bedrock principle of finance and thermodynamics?
