The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
Cyber Security Issues for Renewable Energy
August 26, 2021 | Robert Bergman
Ready or not, renewable energy is here, and apparently has established a solid foothold. The Center for Climate and Energy Solutions claims that energy from renewable sources doubled between 2000 and 2018 and cites the following as evidence of market growth:
- Renewables made up more than 17 percent of net U.S. electricity generation in 2018, with 7.0 percent from hydropower and 6.6 from wind
- Solar generation, including distributed, is projected to climb from 11 percent of total U.S. renewable generation in 2017 to 48 percent by 2050
- Globally, renewables made up 24 percent of electricity generation in 2016, 16 percent of which is from hydropower
- Renewable ethanol and biodiesel transportation fuels made up over 12 percent of total U.S. renewable energy consumption in 2018, which was up from 7 percent in 2006
As hydropower, solar, bio, and other renewal sources begin to take hold, it is better to think about the cyber security consequences now, before having to look at the situation in the rearview mirror as conventional energy markets are doing. In fact, Dr. Jason Stamp, an energy surety, and engineering analyst for Sandia National Laboratories has been thinking about it since at least 2012. In his PowerPoint presentation titled Cyber Security for Renewable Energy, he makes a key point that cyber security is vital for renewables because they will be very dependent on information technology.
He points, for example, to distributed generation, energy storage, and advanced metering applications, which typically require decentralized management and control. Likewise, monitoring ramp rates, voltage, fault identification, and islanding, he says, will require shared information flow that is susceptible to the following risks:
- Increasing interconnectedness
- Adoption of standardized technologies with known vulnerabilities
- Connectivity of control systems to other networks
- Insecure connections
- Widespread availability of technical information about control systems
- Increasing reliance on automation
Such risks, he says, are present at the component, generation, and communications levels.
At the component level, he believes that each control with physical or cyber access must be maintained at each access point. Examples of industrial components he says should be secured include advanced meters, photovoltaic inverters and modules, substation control systems, field sensors, and safety control systems.
Protection at the edge
Dr. Stamp says further that renewable generation uses more advanced controls, sensors, and network architectures near the generation source than fossil fuels. His examples include what today might be called edge systems:
- Solar dish/through/panel sectors
- Wind control stations
- Field weather and environmental data sensors
- Networking architectures and routers
Protecting the Interconnections
To protect interconnection, Stamp encourages people to consider the following issues:
- The diversity of hardware and software that is used in systems
- The high number of end nodes and access points at all locations across the grid
- The high number of data sources and sensors
- The need to encrypt communications across wide areas
These factors, he says, raise issues about the need for required/regulated protocols, physical and cyber security controls, who should be accountable for security at the many layers and endpoints, and the potential risks of standardizing technology and consolidating it into a single operating system.
Finding the answers
Dr. Stamp’s recognition of both the benefits and cyber risk of standard, information-heavy processes, was certainly prescient. And, although he doesn’t use the terms “built-in” or “intrinsic,” he certainly gets close to it, especially when he is talking about the need for security at the component level.
For more information on how IT and OT work together to secure a sustainable environment, see: OT for Resilience and Resilience for OT