Grid Modernization May Compromise Grid Security
- Oct 11, 2019 4:40 pm GMT
- 767 views
The current U.S. electrical grid is a combination of old and new technologies. Some of the old ones have been around since the early 20th century and were built to last for a few decades, so many elements are in need of repair or replacement. Meanwhile, new energy sources and technologies have come onto the scene, some of which require integration with the existing infrastructure.
These newer elements — such as DERs and monitoring devices — are critical for the future of energy distribution. However, they also create points of entry for cyberattacks. These competing factors leave utilities with the question of how to modernize the power distribution infrastructure without exposing it to potentially devastating attacks.
According to a recent report, cyberattacks are so prevalent that 48% of power and utility CEOs who participated in the survey underlying the report believe it’s just a matter of time before their company becomes a target. Yet, only 58% are prepared to identify such a threat.
Another report stated that the three primary sources of such attacks are nation-states, organized crime, and disgruntled employees and that the energy sector accounted for 20% of cyber incidents reported in 2016, with “'an extreme uptick’ in cyberattacks targeting the electric grid in North America” in 2018. This report also cites grid modernization and digitization as a growing vulnerability, based on the increasing number of access points, the use of common software and information technologies, and increasing automation.
In a recent article for Fortune, Federal Energy Regulatory Commission member Neil Chatterjee states, “There are a few things we can do to address the double-edged sword of technological progress.” For example, while cloud storage is convenient, using this method to store sensitive data about the grid may “create additional vulnerabilities if not managed properly.” Therefore, “it may be prudent to limit [cloud] use to things like long-term planning or asset management activities.” Data encryption is another strategy for protecting sensitive data.
But minimizing vulnerabilities isn’t just about technology; it’s also about the people who operate that technology. Chatterjee recommends background checks on contractors and standards that provide a framework for “robust cybersecurity practices.” He also notes that, because cyberthreats are ever-changing, efforts to thwart them must be flexible as well.
Protecting the New Grid
“Admittedly, no system is entirely immune from attack,” according to Nevelyn Black, writing for Energy Central, “but hardening and modernizing the grid with the most up to date security systems would increase preparedness.”
The Federal government is contributing to this effort with, among other things, the formation of the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), within the Department of Energy. The office “addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s (DOE) national security mission.” The office focuses on preparedness related to both natural and human-made threats.
Other governmental efforts to protect the grid include Federal bills, pilot programs, reports, and other actions to help ensure grid security. States are also stepping up with requirements for new additions to the grid as well as studying threats and making recommendations to electricity providers.
The U.S. power grid is a critical infrastructure for the functioning of our society and, therefore, a target for those who want to inhibit that functioning. Protection methods that have worked in the past may no longer be applicable as we change the grid in fundamental ways. Therefore, special precautions must be taken to ensure that grid improvements don’t lead to further grid vulnerabilities.
What steps has your utility taken to strengthen grid security? Please share in the comments.