
2 August 2017

Report goes in-depth on power grid cyber vulnerabilities and why they won’t be fixed soon

By: Brad D. Williams 

Large windmills and solar panels are seen Monday, Oct. 6, 2008, in Atlantic City, N.J. The local utilities authority's wind farm consists of five windmills that generate 7.5 megawatts, enough energy to power approximately 2,500 homes. It powers a wastewater treatment plant, with surplus energy going to the area power grid. (AP Photo/Mel Evans)

A new report details the urgent need for broad, systematic initiatives to improve the resilience of the U.S. power grid, while also highlighting the perils and pitfalls of such efforts, which range from politics to the conflicting economic self-interests of diverse stakeholders.

The report, “Enhancing the Resilience of the Nation’s Electricity System,” was recently published by the National Academies of Sciences, Engineering and Medicine’s (NASEM) Committee on Enhancing the Resilience of the Nation’s Electric Power Transmission and Distribution System.

Dozens of organizations have published similar reports, but at 282 pages, NASEM’s report is notable for its breadth and depth. The length illustrates the topic’s complexity, which stems partly from the nature of the grid and partly from the “political process” that always accompanies any attempt to overhaul the status quo. Nonetheless, the report “focuses on identifying, developing and implementing strategies to increase the power system’s resilience in the face of events that can cause large-area, long-duration outages...”

The report provides seven overarching recommendations and 12 specific recommendations while acknowledging that, “Given the nature of the system, there is simply no way that outages can be completely avoided, no matter how much time and money is devoted to such an effort.”

Despite recent, high-profile cyberattacks on power utilities in the U.S. and abroad, the report notes that, “Most interruptions result from physical damage in a local part of the distribution system caused by weather, accidents or aging equipment that fails. Less frequently, major storms and other natural phenomena, operating errors and pernicious human actions can cause outages on the bulk power system as well as on distribution systems.”

In addition to the technical and operational challenges to achieving resilience, the report summarizes the difficulty of undertaking grid-wide resilience initiatives:

No single entity is responsible for, or has the authority to implement, a comprehensive approach to assure the resilience of the nation’s electricity system. Because most parties are preoccupied dealing with short-term issues, they neither have the time to think systematically about what could happen in the event of a large-area, long-duration blackout, nor do they adequately consider the consequences of large-area, long-duration blackouts in their operational and other planning or in setting research and development priorities. Hence the United States needs a process to help all parties better envision the consequences of low-probability but high-impact events...

The report is notable in that it carefully distinguishes between reliability and resilience, two concepts long familiar to electrical engineers but less so to the general public. The definition of power reliability hinges on the concepts of adequacy and operating reliability, which both emphasize the uninterrupted supply of power.

Resilience is the ability to maintain, or to quickly regain, critical functionality and core operational capacity during and immediately following adverse events, ranging from severe weather to cyberattacks.

One of the report’s findings, then, is “Resilience is not the same as reliability. While minimizing the likelihood of large-area, long-duration outages is important, a resilient system is one that acknowledges that such outages can occur, prepares to deal with them, minimizes their impact when they occur, is able to restore service quickly and draws lessons from the experience to improve performance in the future.”

The concept of resilience has long been discussed within the power utility industry, but today’s conversations occur amid the grid’s fundamental and rapid evolution. The report highlights three major forces influencing grid security and resilience:

Changing governance models: Reflected in the transition from a heavily regulated, vertically integrated traditional market structure – in which one utility generates, transmits and distributes power for an entire geographic service territory – to a market-based approach, as in Texas. In the market-based approach, power generators – both traditional utilities and independent entities – sell power wholesale. Such dynamics require changes to traditional regulatory schemes, power utility business models and how consumers buy power.

Modernization and digitization: Evidenced by the increasing instrumentation and automation of the bulk power system (e.g., high-voltage substations and transmission lines) and “smart grid” initiatives in the distribution system. Smart grid technologies allow for bi-directional communications, data collection, automation and control of components to provide real-time management of power supply. 

Distributed energy resources: Illustrated by distributed generation (e.g., renewables such as solar and wind power), energy storage and demand response, which supplies power based on the real-time demand from consumers. 

Given the grid’s uneven evolution across geography and markets, as well as the resulting complexity these forces bring about, the authors note, “Strategies to enhance power resilience must accommodate both a diverse set of technical and institutional arrangements and a wide variety of hazards. There is no ‘one-size-fits-all’ solution to avoiding, planning for, coping with and recovering from major outages.”

New technologies designed to modernize and digitize the power grid increasingly present cybersecurity experts with a unique “cyber-physical system” to protect. For example, most power utilities deploy traditional enterprise IT infrastructure (e.g., PCs with Microsoft Windows), but they also maintain industrial control systems (ICS) and operational technology (OT). OT is used to monitor and control the grid’s physical components, such as switches and circuit breakers. ICS systems usually sit between IT and OT, enabling operators to monitor, automate and control physical components. Threat actors have targeted all three types of systems – IT, ICS and OT – in recent cyberattacks, most notably in the Ukraine.

For this reason, one of the report’s overarching recommendations focuses on carrying out a “program of research, development and demonstration activities to improve the security and resilience of cyber monitoring and controls systems.” The recommendations include continuous data gathering, problem diagnosis, visualization techniques to provide situational awareness, analytics for real-time recommendations, restoration techniques for control systems and power delivery functionality following an event and the development of grid forensics tools. The report also includes two specific recommendations to DOE and DHS to improve security and resilience of cyber and physical systems.

Despite depicting the clear need and laying out logical recommendations, the report repeatedly highlights the difficulty of undertaking systematic initiatives to improve resiliency. From the perils of the “political process” required to mandate changes to the diverse, often conflicting self-interests of stakeholders, the challenges are significant.

One big challenge is determining who should lead the coordinated effort to improve nationwide resiliency. There are currently dozens of entities charged with overseeing various aspects of grid resilience and cybersecurity. For instance, “While the DHS has overarching responsibility for infrastructure protection, DOE, as a sector-specific agency for energy infrastructure, has a legal mandate and the deep technical expertise to work on such issues,” the authors noted.

For their part, the authors suggest many existing entities should be involved, but they assign overarching responsibility to the DOE: “The DOE is the federal entity with a mission to focus on the longer-term issues of developing and promulgating technologies and strategies to increase the resilience and modernization of the electric grid. No other entity in the United States has the mission to support such work...”

Another big challenge is determining how such initiatives should be funded. The authors also lay this responsibility with the federal government:

The committee views research, development and demonstration activities that support reliable and resilient electricity systems to constitute the public good. If funding is not provided by the federal government, the committee is concerned that this gap would not be filled either by states or by the private sector. In part, this is because the challenges and solutions to ensuring grid resilience are complex, span state and even national boundaries and occur on time scales that do not align with business models.

The authors suggest federal funding despite the vast majority of power infrastructure in the U.S. being privately owned and operated. The authors conclude:

It is unrealistic to expect firms to make investments voluntarily whose benefits may not accrue to shareholders within the relevant commercial lifetime for evaluating projects. Moreover, much of the benefit from avoiding such events, should they occur, will not accrue to the individual firms that invest in these capabilities. Rather, the benefits are diffused more broadly across multiple industries and society as a whole, and many of the decisions must occur on a state-by-state basis.

The reasoning illustrates why the future holds many more reports on the urgent need to improve national grid resiliency and cybersecurity, accompanied by minimal concrete action to achieve it – at least until the lights go out.
