Imagine a solar powered house and its battery connected to the grid becomes the culprit and bring the critical infrastructure of a state at halt. I am sure many in the energy sector believe it and agree to it.
However my worry is that very little strategy and action being taken by the government agencies, Lets see why I am worried
The solar power inverters and batteries have been in operation from more than 10 years with no secured communication.
Until 2015, none of the major energy stakeholders – transmission/distribution companies, market operators are open and considered the penetration of IoT devices seriously. They are not ready for the paradigm shift from uni-directional energy transmission to the multi-directional energy markets
The DER (inverter and battery) equipment manufacturers have implemented their solutions with non-secured and clear-text protocols.
There has been no compliance checks mandated so far on the DER connections from the communications angle as they are confined to the electrical safety checklist only.
If I continue the above list becomes exhaustive. In this blog post, let me aim to provide some recent trends being in action to bridge the gap in cyber security of critical infrastructure.
Firstly, identification of security design items and standards. There are already a few standards e.g. however, the world is moving towards the IEEE 2030.5 based integration, interoperability and security standards.
The equipment vendors under the Sunspec alliance have been in the process of implementing these standards in a phased manner.
The government agencies in the different states are trying to catch-up. In Australia ESB and AEMO started work in consultation with energy operators, estimating the costing and budgeting required for the cyber security aspects and implementation of the standards and measures to secure the critical infrastructure.
However, I am still worried because of the following facts
There are ~3million DERs in the Australian market alone. Considering at least 2 million DERs are still connected to the grid and communicating to the equipment vendors in respective countries using in-secured protocols.
The costs of implementing the evolving security standards and that too through out the life of DERs vs. the market price construct of the DERs.
New business models - The continued efforts of integration of these DERs into the market, distribution and new players in the energy markets, e.g. peer to peer markets, new forms of energy harnessing/export.
I am very much interested in collaborating and co-creating these sustainable energy markets in a secured manner. While I am discussing the details in the next set of blog posts, I am looking forward to your suggestions and inputs.