A new report from Guidehouse Insights examines how distributed energy resources (DER) deployments are expanding the attack surface for cyberattacks, discusses the updated IEEE Standard 1547-2018, and provides recommendations for industry stakeholders.
New global DER deployment capacities — including distributed generation (DG), distributed energy storage, plug-in EV chargers, demand response (DR) and energy efficiency — are expected to continue to exceed the deployment of new centralized generation capacity growth. Unfortunately, without government regulation or widespread demand signaling from customers, cybersecurity is often an afterthought for rapidly scaling and distributed technologies. According to the report from Guidehouse Insights, utilities and owners of DER deployments must prioritize cybersecurity best practices and controls to ensure safety and resiliency for electricity generation and distribution.
“Cyberattacks are increasingly common across the energy industry and cybersecurity risks for DER are growing,” said Danielle Jablanski, senior research analyst with Guidehouse Insights. “Best practices and controls for DER are essential to ensure safety, reliability, and resiliency for electricity generation and distribution.”
Planning and preparing for incidents is paramount. According to the report, utilities and owners and operators of DER deployments should not only prioritize DER cyber risks and develop more robust orchestration systems, they must also promote industry-led initiatives for securing DER and pursue more robust public key infrastructure.
News item from Guidehouse Insights
“Planning and preparing for incidents is paramount. According to the report, utilities and owners and operators of DER deployments should not only prioritize DER cyber risks and develop more robust orchestration systems, they must also promote industry-led initiatives for securing DER and pursue more robust public key infrastructure.”
Nice techno babble, “robust orchestration systems,…”, “…robust public key infrastructure.” IF one or more entities want to take down your system all they have to do is hammer your “cloud position” to cause denial of service failures. The bottom line is when you “distribute” your energy resources, you also have to create islanding for those DERs remotely in case of a cyber attack or ransomware attack. It has been part of SCADA systems for almost 40 years as fall back to “local emergency mode” of operation. Some critical sites have military encrypted radio links to regional control centers without internet connection as standby backup communications. This will require a lot of command and control software running on each DER in case of bad actor intrusions or complete communications failures.