Distributed Energy Resources (DERs), including solar, energy storage, and electric vehicle (EV) charging infrastructure, are revolutionizing how electricity is generated and consumed across the globe. California is leading the energy revolution and has policies in place that require 100% of energy generated in California come from renewable sources by the year 2045. A significant portion of this capacity will come from DERs installed on homes, commercial buildings, and campuses.
To achieve state DER deployment goals, the state of California modified its interconnection rule (California Rule 21) to require that all systems installed after August 22, 2019 be capable of communicating with the host utility. The default DER-to-utility communication standard is IEEE 2030.5. Configuration options stipulated in the Common Smart Inverter Profile (CSIP) document refine California requirements. California Rule 21 states that products using the communication standard shall be evaluated against the SunSpec Alliance compliance criteria.
Approximately 250,000 DER systems per year will require SunSpec Certification to the IEEE 2030.5/CSIP standard in California by 2020. The IEEE 2030.5 standard includes a requirement for Transport Layer Security (TLS), implying the use of cryptographic keys installed on communication devices. Ultimately, millions of systems must comply with these standards. To address these critical needs, the SunSpec Alliance has partnered with Kyrio, a qualified provider, to deliver Public Key Infrastructure (PKI) services.
A Public Key Infrastructure is:
- A system for the creation, storage, and distribution of digital certificates, which are used to verify that a particular public key belongs to a certain entity
- IEEE 2030.5/CSIP requires use of security attributes provided by a PKI
PKI Hierarchy and Structure
PKIs are generally segregated into branches according to the type of element and the security properties characteristic of elements of that type. Each type of element is grouped under a separate sub-CA that issues certificates with data and properties appropriate for that element type. For example, end device elements might have a very long certificate validity period if they are deployed in the field and are difficult to update. Servers, on the other hand, might have shorter-lived certificates because they are easier to update and are also potentially more vulnerable due to their dependency on software for key storage.
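The branch structure described above can be checked mechanically. The following is an added example, not code from SunSpec, Kyrio, or the IEEE 2030.5 standard: it models a root with a device sub-CA and a server sub-CA and flags leaf certificates issued from the wrong branch or with a lifetime too long for their element type. The certificate names and lifetime limits are constructed assumptions, and the model covers hierarchy and validity only, not signature verification.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed maximum leaf lifetime per branch, in days (constructed values).
BRANCH_MAX_DAYS = {"device": 365 * 30, "server": 365 * 2}

@dataclass
class Cert:
    subject: str
    kind: str                        # "root", "sub-ca" or "leaf"
    branch: Optional[str]            # element type; None for the root
    not_before: datetime
    not_after: datetime
    issuer: Optional["Cert"] = None  # None only for the self-signed root

def check_leaf(leaf: Cert, root: Cert, now: datetime) -> list:
    """Return policy violations (empty list = OK); signatures are not verified."""
    sub_ca = leaf.issuer
    if sub_ca is None or sub_ca.kind != "sub-ca":
        return ["leaf is not issued by a sub-CA"]
    problems = []
    if sub_ca.issuer is not root:
        problems.append("sub-CA does not chain to the trusted root")
    if leaf.branch != sub_ca.branch:  # branch segregation
        problems.append(f"{leaf.branch} leaf issued by {sub_ca.branch} sub-CA")
    max_days = BRANCH_MAX_DAYS.get(leaf.branch)
    if max_days is None:
        problems.append(f"no policy for element type {leaf.branch!r}")
    elif leaf.not_after - leaf.not_before > timedelta(days=max_days):
        problems.append(f"lifetime exceeds {max_days} days for {leaf.branch}")
    for c in (leaf, sub_ca, root):    # whole chain must be valid right now
        if not c.not_before <= now <= c.not_after:
            problems.append(f"{c.subject} is outside its validity period")
    return problems

def demo():  # constructed sample PKI: one root, a device sub-CA, a server sub-CA
    t0, yr = datetime(2020, 1, 1), timedelta(days=365)
    root = Cert("Example Root CA", "root", None, t0, t0 + 40 * yr)
    dev_ca = Cert("Example Device CA", "sub-ca", "device", t0, t0 + 35 * yr, root)
    srv_ca = Cert("Example Server CA", "sub-ca", "server", t0, t0 + 10 * yr, root)
    leaves = [Cert("inverter-0001", "leaf", "device", t0, t0 + 25 * yr, dev_ca),
              Cert("utility-server", "leaf", "server", t0, t0 + yr, srv_ca),
              Cert("rogue-server", "leaf", "server", t0, t0 + 25 * yr, dev_ca)]
    return {c.subject: check_leaf(c, root, t0 + timedelta(days=90)) for c in leaves}

if __name__ == "__main__":
    for subject, problems in demo().items():
        print(subject, problems or "OK")
```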