Securing DER from cyber attacks
ASE August 23, 2019
ASE August 23, 2019
Our way of life has never been better with innovations in almost all spheres of life making it much easier for people to shop, work and entertain themselves. Innovation in the decentralized electrical grid, renewable generation and electric transportation provide one of the strongest opportunities for meeting Carbon goals to reduce global warming. Innovation provides the only real hope of saving our planet or transporting the human race into a future outside the Earth.
While innovation is good and exciting, most advancement's in technology also open up potential doors for bad actors to compromise our systems and way of life. Distributed Energy Resources and electrical distribution systems are no exception. To achieve reliability and resiliency with Solar Rooftop, Battery Storage, Electric Vehicles and Electric Vehicle Charging Infrastructure spread within the distribution grid, it is imperative that these systems are not only intelligent, but they have bi-directional communication with the control systems or cloud and interact with other devices in the grid.
There are many efforts in the standardization and regulations to secure utility systems from bad actors, however the growth and geographic spread of DER and their growing impact in terms of %ge of actual generation is creating a situation where reliance on protocol standards or private protected networks are a solution. Regulators have understood this and California is leading in this area with its Rule 21 regulations and supporting adoption of IEEE 2030.5 and IEEE 1547. Considering the fact that in not so distant future, the amount of DER distributed in the grid and monitored and controlled over the Internet would be far more than conventional generation regulated by NERC / CIP requirements, we need secure, scalable and low cost solutions right now.
Securing DER deployments and potential risk to the Distribution Grid requires addressing the following actors in the ecosystem:
To achieve the goal of securing the DER's we need to ensure that the following are taken care of in addition to addressing protocol level security:
The DER Devices should support X.509 certificate that identify and authenticate the manufacturer of the device. The DER Devices should support a X.509 certificate and trust chain provided by a Certificate Authority which is validated before any server accept connections from the device. The DER devices should be pre-registered with the server before it is allowed to connect. All communication to the Server / Aggregator shall be over TLS 1.3. Fine grained access control and attributes shall be defined in the X.509 certificates to ensure no single user has full access. The DER regulations should rely on less centralized control based behavior and more on adaptive local behavior to avoid cascading attacks
The Data network shall support TLS 1.3 and all communication shall be encrypted over a TLS 1.3 pipe. The Cloud / SaaS Application shall keep all critical data encrypted for storage Data transferred over the Cloud / Data network to the Utility Systems shall be over a TLS 1.3 pipe. Fine grained access control for users to be defined and implemented.
The Utility or Aggregator head ends should ideally not be tightly coupled with the SCADA / DMS system. The data from DER to the Utility or Aggregator system should terminate on a DER Application Server / Head End and non on the SCADA/ DMS system. The DER Application Server / Head End should have a one way interface to the SCADA / DMS for operator information. It should not be a two way command / control interface. They should follow the same level of security on all interfaces as for the devices and network. SyncConnect and kalki.io IAM solutions provide DER Industry the ability to protect and secure DER systems and Distribution grid. With support for protocol level security, TLS 1.2 and 1.3, HTTPS and Web socket support with X.509 certificates, support for Trusted Platform Module (TPM) and a separation layer for data and control between the SCADA / DMS and the Aggregation / Cloud layer and avoiding man in the middle problem. Addressing the above three broad areas will address holes and back doors to a great extend to avoid a black swan event, it would also help to address how the DER devices are themselves resilient to cascading events. An approach similar to how CSMA-CD helped the adoption and expansion of Ethernet, a similar philosophical approach to the DER devices to counter black swan events and island themselves would not only address large scale attacks, but also allow us to transform our existing integrated grid to a federated set of small microgrids that by their inherent design are more secure than a tightly interconnected grid.