Babel Buster Network Gateways: Big Features. Small Price.
ESIF and Security at the Edge of Smart Grids
ESIF names the Energy Systems Integration Facility. The workshop demonstrated both what should be done to secure future energy systems, and how difficult, labor-intensive, and non-scalable this is using standard practice.
the NREL ESIF Cybersecurity Workshop last month. ESIF names the Energy
Systems Integration Facility. The workshop demonstrated both what
should be done to secure future energy systems, and how difficult,
labor-intensive, and non-scalable this is using standard practice.
The first morning
showed off the ESIF’s model of how to secure the un-securable. Using a
rat’s nest of proprietary products, all communications to and from
every sensor were firewalled, and only specific interactions enabled.
No messages were encrypted so every message could be inspected for
appropriateness. The security infrastructure was itself secured and
The rest of the
conference aimed at specific interoperable approaches to accomplish the
goals of securing Operational Technology or OT.
Part of the problem
with securing OT is a fundamentally outmoded approach to operation. At
a time when computing was expensive, phone lines cheap, and data
logging infrequent, a model developed of putting every sensor and every
actuator directly connected to a single computer. This model has long
been named SCADA (Supervisory Control and Data Acquisition).
Two things happened
to break the SCADA model. Phone companies moved out of the business of
providing actual wires to connect sites and moved toward shared
networks. SCADA systems have never been fully secure in shared
networks. Systems became more complex and required a faster response.
In power distribution, this is due to a combination of smaller
operating margins (excess power available at every moment), more
systems to control, including smart meters, and the arrival of
distributed energy resources (DER).
As we move further into DER, we will see more diversity in ownership and in technology.
An owner of an
expensive power production or storage system in a microgrid will want
to operate it for their own benefit. As sophisticated owners add their
own local monitoring and control software, they will begin to see how
often remote operators miss operate the locally-owned equipment,
increasing maintenance requirements while shortening its life.
ownership and operation will also move toward diverse technology. A
local owner will make his own investment decisions, and a remote
operator such as a distribution utility may not know how to operate it.
From the earliest efforts by utilities to tell owners to operate
buildings, following the energy price shocks of 1973, we have seen
smart people forget that the primary purpose of a building system is
not to provide a managed load. (Consider the role of energy
“efficiency” recommendations that did not consider health implications
of short cycling HVAC in a Philadelphia Hotel in 1976).
The future of smart
grids is on edge, in autonomous systems that are built around a deep
understanding of each buildings role and services. Edge based-operation
offers both challenges and benefits to security. Incorporating systems
with different ownership, and operated for different purposes makes
security more complex. For now, regulatory mandates require that
utilities still maintain detailed situation awareness into edge-based
microgrids. Abstract interactions, including those based on the common
transactive services, simplify security while reducing the attack
surface. We will be rebalancing this border continually over the next
The solution is
abstract interactions between autonomous systems that can be locally
operated and maintained. In power markets, this means that systems can
negotiate whether to provide power or not or to purchase power or not,
while the inner workings of each system remain private. The interaction
between the grid and a wind farm that occasionally sells power to the
grid and a district associate that never buys power but occasionally
sells it should be identical. Large system integration relies on
integration using abstract communications, that is, the exchange of
information that does not change often. Fragile or concrete
information, such as the specific internal operations that are directly
affected by changes in technology or equipment, are kept internal to
the systems. This approach to integration is characterized by an
we reduce the attack surface, how will we increase security while
increasing interaction? The ESIF security model requires too much
hand-work and does not support multiple ownership.
The Security Fabric
Alliance has spent four years defining a more forward-looking approach
within the Object Management Group (OMG). OMG specifications are
cookbooks for interoperable implementations of complex combinations of
specifications by multiple vendors. The OMG Security Fabric, due out in
February in 2018, incorporates best practices in military telemetry
with directory-enabled security. Any communications must mutually
authenticate before exchanging information. Despite this requirement,
the Security Fabric has already been demonstrated in synchrophasor
telemetry, a high volume, high-frequency application. I look to the
Fabric appearing in microgrids at the edge soon after its initial
Other efforts incorporate technologies to reduce wide area communications requirements and the effort to require detailed point-to-point security. Blockchain-style distributed immutable databases will replace some requirements for remote data harvesting, and perhaps move into directory services to support security and policy. Edge-based Artificial Intelligence (AI) will reduce the manual set-up required for point-to-point and message-content based rules. I hope to write about these approaches later.
[Home Page] [The
Automator] [About] [Subscribe
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]