Cybersecurity: The Hackers are Already Through the Utilities’ Doors, so What’s Next?

SunSpec in the news - Forbes Cybersecurity image

Originally published by Forbes. Visit their site for the full piece.

In a distributed world, attack surfaces multiple rapidly and grid edge devices can become weapons

The problem gets worse as the growth of distributed networks of assets create potentially critical issues. The population of these devices is huge and multiplying rapidly. Consulting firm Wood Mackenzie estimates that there are currently 30 million grid-connected assets out there in U.S. homes today, with millions more to come. The company forecasts 88,000 megawatts (MW) of ‘residential flexible potential’ by 2023 (by way of context, the total generation capability of the Texas grid is just under 80,000 MW).

From a cybersecurity perspective, that means there are tens of millions of potential attack surfaces that can now enable hackers to connect to utilities. It also means the bad actors don’t have to go after the utilities’ centralized – and relatively well-protected – Supervisory Data Acquisition and Control (SCADA) systems that run their networks. To destabilize the grid, hackers may soon have have tens of thousands of megawatts of relatively unprotected distributed flexible devices whose behavior they can manipulate to destabilize the grid through a coordinated botnet type of attack.

Rothrock cautioned, “To the extent that we become more and more automated in control of extended systems and…we put this attack surface out there, disconnecting things can be very disruptive without destroying anything.”

He is concerned about vendors, who have focused principally on getting products into the market, with little focus on hardening assets from a cyber perspective,

Those vendors, I don’t think they understand the vulnerabilities they have created. We talk to a lot of IoT vendors. Building an IoT device that is hardened is just not on their roadmap. It takes money and time, and they are focused on cheap and plentiful.”

He commented that it would be helpful for regulation to require cyber standards from UL or from IEEE, but there’s not a comprehensive cyber UL yet. The good news is that the SunSpec Alliance – an association of over 100 companies and organizations active in solar energy and inverters aims to change that in the near future. The organization has been coordinating with Sandia National Laboratories in a distributed energy resource cybersecurity group. It noted in a recent webinar (minutes 28 and 29 of the recording) that it has formed six groups to address various areas ranging from access controls to secure network architecture. It also plans to develop specifications for potential future certification by UL.

Read more at Forbes

Subscribe

Recent Posts

Latest news from our blog

Message to Our Members: October 2021

Dear SunSpec Member, At the core of the SunSpec Alliance ecosystem is a steady momentum of progress driven by the dedicated efforts of our seven primary Work Groups. Consisting of representatives from SunSpec member companies, a designated Work Group leader, and a...

2021 Annual SunSpec Alliance Member Meeting Video Recap

Watch the 2021 Annual SunSpec Alliance Member Meeting Video Recap on SunSpec TV As always, it was a pleasure to share the company of the SunSpec ecosystem at the year's Member Meeting. We are consistently humbled by the ongoing support of our members and are grateful...

Welcome to the New SunSpec Member Portal!

We are excited to welcome you to the newly updated SunSpec Alliance Member Portal! Aside from a new friendly user interface, we've added a host of additional features to enhance your experience as a contributing member of the SunSpec Alliance. From this dashboard, you...

Join us for the 2021 Annual Member Meeting

Join us for the SunSpec Alliance 2021 Annual Member MeetingDate: October 7th & 8th, 2021 Time: See Schedule for Details About this event: Please join us for the SunSpec Alliance 2021 Annual Member Meeting! UPDATE: VIRTUAL ATTENDANCE ONLY Date: October 7th &...

Software Engineer

Job Title: Software Engineer - San Jose, CA   SunSpec Alliance is seeking to hire a Software Engineer for a full-time position (40 hours/week)  to work at our San Jose, CA headquarters at competitive salary.   Job duties include: Working on a web service called...

SunSpec Alliance is the information standards and certification organization for the Distributed Energy Resource (DER) industry. SunSpec communication standards address operational requirements of solar and energy storage on the smart grid.