Cybersecurity: The Hackers are Already Through the Utilities’ Doors, so What’s Next?

SunSpec in the news - Forbes Cybersecurity image

Originally published by Forbes. Visit their site for the full piece.

In a distributed world, attack surfaces multiple rapidly and grid edge devices can become weapons

The problem gets worse as the growth of distributed networks of assets create potentially critical issues. The population of these devices is huge and multiplying rapidly. Consulting firm Wood Mackenzie estimates that there are currently 30 million grid-connected assets out there in U.S. homes today, with millions more to come. The company forecasts 88,000 megawatts (MW) of ‘residential flexible potential’ by 2023 (by way of context, the total generation capability of the Texas grid is just under 80,000 MW).

From a cybersecurity perspective, that means there are tens of millions of potential attack surfaces that can now enable hackers to connect to utilities. It also means the bad actors don’t have to go after the utilities’ centralized – and relatively well-protected – Supervisory Data Acquisition and Control (SCADA) systems that run their networks. To destabilize the grid, hackers may soon have have tens of thousands of megawatts of relatively unprotected distributed flexible devices whose behavior they can manipulate to destabilize the grid through a coordinated botnet type of attack.

Rothrock cautioned, “To the extent that we become more and more automated in control of extended systems and…we put this attack surface out there, disconnecting things can be very disruptive without destroying anything.”

He is concerned about vendors, who have focused principally on getting products into the market, with little focus on hardening assets from a cyber perspective,

Those vendors, I don’t think they understand the vulnerabilities they have created. We talk to a lot of IoT vendors. Building an IoT device that is hardened is just not on their roadmap. It takes money and time, and they are focused on cheap and plentiful.”

He commented that it would be helpful for regulation to require cyber standards from UL or from IEEE, but there’s not a comprehensive cyber UL yet. The good news is that the SunSpec Alliance – an association of over 100 companies and organizations active in solar energy and inverters aims to change that in the near future. The organization has been coordinating with Sandia National Laboratories in a distributed energy resource cybersecurity group. It noted in a recent webinar (minutes 28 and 29 of the recording) that it has formed six groups to address various areas ranging from access controls to secure network architecture. It also plans to develop specifications for potential future certification by UL.

Read more at Forbes

Subscribe

Recent Posts

Latest news from our blog

SunSpec & Sandia DER Cybersecurity Webinar

Using artificial intelligence to provide situational awareness and determine the cyber-physical impacts on DER networks. When: Thu, November 17, 2022, 9:00 AM – 10:00 AM PST Where: Online

2022 SunSpec alliance member meeting & der technology conference

SUNSPEC 2022 MEMBERS MEETING Purchase tickets and reserve rooms by November 7th, 2022 to secure lowest cost. About the event SunSpec sets the communication standards that define the Distributed Energy Resource (DER) management and Electric Vehicle (EV) charging...

SunSpec Alliance is the information standards and certification organization for the Distributed Energy Resource (DER) industry. SunSpec communication standards address operational requirements of solar and energy storage on the smart grid.