Cybersecurity: The Hackers are Already Through the Utilities’ Doors, so What’s Next?

SunSpec in the news - Forbes Cybersecurity image

Originally published by Forbes. Visit their site for the full piece.

In a distributed world, attack surfaces multiple rapidly and grid edge devices can become weapons

The problem gets worse as the growth of distributed networks of assets create potentially critical issues. The population of these devices is huge and multiplying rapidly. Consulting firm Wood Mackenzie estimates that there are currently 30 million grid-connected assets out there in U.S. homes today, with millions more to come. The company forecasts 88,000 megawatts (MW) of ‘residential flexible potential’ by 2023 (by way of context, the total generation capability of the Texas grid is just under 80,000 MW).

From a cybersecurity perspective, that means there are tens of millions of potential attack surfaces that can now enable hackers to connect to utilities. It also means the bad actors don’t have to go after the utilities’ centralized – and relatively well-protected – Supervisory Data Acquisition and Control (SCADA) systems that run their networks. To destabilize the grid, hackers may soon have have tens of thousands of megawatts of relatively unprotected distributed flexible devices whose behavior they can manipulate to destabilize the grid through a coordinated botnet type of attack.

Rothrock cautioned, “To the extent that we become more and more automated in control of extended systems and…we put this attack surface out there, disconnecting things can be very disruptive without destroying anything.”

He is concerned about vendors, who have focused principally on getting products into the market, with little focus on hardening assets from a cyber perspective,

Those vendors, I don’t think they understand the vulnerabilities they have created. We talk to a lot of IoT vendors. Building an IoT device that is hardened is just not on their roadmap. It takes money and time, and they are focused on cheap and plentiful.”

He commented that it would be helpful for regulation to require cyber standards from UL or from IEEE, but there’s not a comprehensive cyber UL yet. The good news is that the SunSpec Alliance – an association of over 100 companies and organizations active in solar energy and inverters aims to change that in the near future. The organization has been coordinating with Sandia National Laboratories in a distributed energy resource cybersecurity group. It noted in a recent webinar (minutes 28 and 29 of the recording) that it has formed six groups to address various areas ranging from access controls to secure network architecture. It also plans to develop specifications for potential future certification by UL.

Read more at Forbes

Sign up for our newsletter!


Recent Posts

Latest news from our blog

Patent Office Invalidates Tigo Energy, Inc.’s Patent Claims

Patent Office Invalidates Tigo Energy, Inc.’s Patent Claims in Response to SunSpec Alliance IPR Challenge SAN JOSE, CA – January 30, 2023 – The SunSpec Alliance, the open information standards  and certification organization for the Distributed Energy Resources (DER)...

Position Opening: Director of Member Services

The SunSpec Alliance is hiring a new Director of Member Services. This position became available when the previous director was promoted to Executive Director. The individual in this role will be a partner to the Executive Director on virtually all aspects of the...

SunSpec Alliance Webinar: 2023 Work Group Project Road Map

We will discuss the 2023 SunSpec Work Group Roadmap to recruit expert contributors for the next phase of DER standards development. When: Tue, January 31, 2023, 8:30 AM – 9:30 AM PSTWhere: Online The SunSpec Alliance, and the over 170 Contributing Members that...

SunSpec & Sandia DER Cybersecurity Webinar

Using artificial intelligence to provide situational awareness and determine the cyber-physical impacts on DER networks. When: Thu, January 26, 2023, 9:00 AM – 10:00 AM PST Where: Online Ransomware attack and forensics on DER inverters Abstract Ransomware attacks are...

Announcement: Sunspec Alliance Membership Dues Increase! 

Dear Members and prospective Members!  Starting April 2023, the price of Contributing Membership will increase from $4,000 to $5,000 per year. SunSpec is updating our annual membership fee to bring you more great services. With this change, SunSpec is expanding the...

SunSpec Alliance is the information standards and certification organization for the Distributed Energy Resource (DER) industry. SunSpec communication standards address operational requirements of solar and energy storage on the smart grid.