With the ever-increasing integration of Distributed Energy Resources (DERs) into the mainstream electricity network, the nature of the supply-chain of the electricity market has evolved from linear to dynamic.
This multi-dimensional energy and respective information flow has been possible through technological functionalities. To bring consistency across different jurisdictions and tech-platforms, market regulators across the globe seems to be banking on the IEEE 2030.5 as the de-facto standard that covers smart energy communication protocols. A subset of IEEE 2030.5 that particularly regulates communication between Distributed Network Service Providers (DNSPs) and smart inverters is known as Common Smart Inverter Profile (CSIP) originally devised by the California Public Utilities Commission. Looking at its effectiveness CSIP-AUS was formulated by DER Integration Technical Group under the aegis of ARENA (Australian Renewable Energy Agency) for the Australian market.
However, these recent developments in the energy ecosystem have presented some significant challenges in adapting these IEEE 2030.5 standards in general and especially the security standards. The challenges are:
Legacy Devices: The first challenge is the existence of legacy grid-end devices that have reached the limits of their technological capabilities. The solution of replacing these devices, especially the last mile of energy distribution is costly. Who shall bear the cost of this infrastructural upgrade? With prosumers already struggling with recovering their investment into PV systems because of static export limits imposed by DNSPs to cope with high-voltage risk caused to existing grid networks, they are highly unlikely to invest any further in upgrade of legacy devices. Given the overwhelming presence of solar-powered legacy DERs in the Australian grids and to timely accomplish zero emission targets, it has become complex for the government agencies.
Clear-text communication protocols: Most of the smart energy devices deploy open protocols such as HTTPS and Modbus that lack encryption thereby endangering the integrity and confidentiality of the data in transit. However, this loophole has been plugged by the CSIP-AUS which recommends sophisticated encryption techniques for inter-DER communications and with utilities.
Limited Computing capacity: Although latest encryption effectively addresses the issue, tech-vendors are struggling to roll-out smart-end devices whose computing power is adequate to facilitate hashing of data necessary for secure telemetry. Could firmware upgrade be a feasible solution? Yes, it could be. But again, how do we facilitate firmware-based solutions at scale and who shall financially back this herculean task?
Testing facilities and implementation of certification process: The costs of embracing the Public Key Infrastructure (PKI) based digital certification process are very high. Refer to the Sunspec based process. There is no doubt it is a cumbersome process with hierarchy of certificates and requires significant infrastructure set up. The challenges don't stop here, the equipment vendors and operators have to manage the validity of the digital certificates through out the life of equipment and also certificates (two types of device IDs, initial and local, to solve the IEEE 2030.5 standards non-revocable and non-expiring device certificate is in plan - SANDIA Labs).
The security and dynamic DER interoperability must be dealt with a multi-faceted approach. The California Public Utilities Commission came up with Rule 21, a mandate that enforces a host of existing standards for grid connection, IEEE 2030.5, CSIP, IEEE 1547 etc. Regulators ought to adopt this Californian Model to systematically achieve convergence and consistency among DERs from different tech-vendors across the supply chain. At the same time, the government must educate customers about the secured dynamic integration of their devices into existing grid networks and inject funds into the research and development of DER and smart grid security. Of all, we strongly believe that there should be a strategic initiative to phase out of legacy-devices.