This post is one in a series of feature stories on trends shaping advanced energy markets in the U.S. and around the world, drawn from Advanced Energy Now 2017 Market Report, which was prepared for AEE by Navigant Research.
Nearly $3 trillion has been invested globally in grid modernization since 2000. According to the International Energy Agency, another $8 trillion will be required over the next 25 years to accommodate emerging areas like distributed intelligence and data analytics. These investments will help boost reliability and resilience while reducing operating costs. Amid the digitalization of energy, offering up the IoT, connected devices, smart grid, and even autonomous vehicles to consumers, new challenges, such as cybersecurity, arise.
The U.S. Department of Energy’s (DOE) second Quadrennial Energy Review, published in January, describes the economic and resiliency benefits of a modern electrical system – supporting a two-way flow of electrons and information – but also points to the vulnerabilities:
“The range of goods and services that involve grid communications and two-way electricity flows, including the IoT, represents significant value creation and greatly supports and enhances our economy and global competitiveness. At the same time, these goods and services place new demands on the electric grid for high levels of reliability, smarter components, visibility, analytics, and system-wide planning. These features and services also introduce new vulnerabilities to our electricity system (e.g., accelerated time scales sufficient to require significant automation and cybersecurity) that rise to the level of national security concerns.”
While the new technologies introduce new vulnerabilities, they also help to reduce old vulnerabilities.
The physical grid faces a host of potential, unanticipated threats to reliability. Weather events ranging from high winds to wildfires to blizzards can all damage the physical infrastructure of the grid. Human beings can also cause damage – inadvertently, through vehicle collisions with poles, or intentionally, through attacks on critical energy infrastructure. Even wildlife like squirrels, lizards, and birds can cause major disruptions in the delivery of power across the transmission or distribution network. Power plants themselves can experience unplanned outages due to fuel shortages or equipment failure. A more distributed, connected grid can significantly improve grid operators’ ability to monitor and respond to unanticipated power fluctuations, and reduce operating costs while improving reliability. Utilities used to rely on customers to call in and report power outages. Now, utilities increasingly utilize smart grid technology to notify them instantaneously when an outage occurs. Using the same connected hardware, utilities can anticipate power fluctuations and sometimes even respond by reducing load or re-routing power flows.
That said, it is a growing challenge to protect hardware, software, and data from bad actors looking to do harm. Reports of cyberattacks have ranged from the low level (baby monitors) to smart refrigerators and thermostats (as demonstrated by researchers) to Stuxnet, the malicious 2009-10 cyberattack on an Iranian nuclear facility. A 2015 hack of Ukrainian substations, which left more than 230,000 people without power for hours, is a potent reminder of the risks. Vulnerabilities further expand to the transportation sector, as modern vehicles are equipped with dozens of networked electronic control units running tens of millions of lines of code.
Over the long-term, the grid of the future holds the promise to use the distribution of assets, intelligence, and redundancy to contain these vulnerabilities by rapidly – even instantaneously - identifying and isolating problems. But in the here and now, the need for stepped-up security measures is apparent to managers at energy companies and utilities around the globe. A Vodafone survey of executives, which gathered responses from people in 17 countries from all the major regions, shows that six in 10 (59%) energy and utility companies are working on IoT security guidelines. Still, that leaves 40% neglecting the digital backdoor into energy facilities.
Protecting modern technology systems from harm is nothing new. Despite disturbing hacks early on, online and mobile banking have become sufficiently secure to protect their customers’ accounts and identities. Much the same thing is to be expected in the energy world as it gets connected to an ever-widening range of intelligent devices.
Separate from appliances, the proliferation of distributed energy resources (DERs) has led to a growing effort to standardize security protocols. For instance, the North American Electric Reliability Corp. (NERC) has set mandatory Critical Infrastructure Protection standards for utility assets, including specific standards related to cyber security. Grid operators in places with high penetration of distributed generation also are beginning to address cyber security issues. The California Public Utility Commission, for example, is evaluating cybersecurity functionalities for inverter-based technologies.
The digitalization of the electrical grid is essential for improving safety, recovering from power outages, incorporating distributed energy technologies, and reducing unnecessary energy consumption. Given that absolute security is not possible, some in the industry now suggest that cyber-resilience – much like resilience against threats from storms and other sources of disruption in the physical world – is the appropriate goal.
Learn more about the size and scope of advanced energy in our 2017 report: Advanced Energy Now: 2017 Market Report.