Renewable resources can increase cyber threats

  /  ICS Security   /  Cybersecurity   /  Renewable resources can increase cyber threats
solar cyber threads

Renewable resources can increase cyber threats

Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats despite the prevailing view by many that renewable resources can reduce the cyber threat to electric utilities.

I did a walkdown of several utility-scale solar facilities. Consider your roof-top solar system and multiple that by hundreds of thousands of solar panels and invertors. The solar facilities I visited utilized hundreds of thousands to millions of solar panels. The panels had sensors and invertors while rows of panels had PLCs to adjust the angle of the solar panels (think major IoT implementation). The net result is for the same megawatt output, a solar facility can have SIGNIFICANTLY more Input/Output (I/O) than a comparable fossil power plant (an analogy would be monitoring each lump of coal going into the boiler). The I/O is electronically monitored. Therefore, the generation side of the solar facility can be significantly more cyber vulnerable than a comparable fossil plant. The switchyard (substation) is the same for any power plant as the switchyard does not distinguish what has generated the voltage. The transformers in the switchyard for any type of power plant can include sensors for monitoring load tap changer positions, bushing monitors, gas analyzers, and winding temperatures. None of these sensors are cyber secure nor are the current transformers (CTs) and potential transformers (PTs) providing input to the transformer protection systems (process sensors are outside scope for the NERC CIP standards). Since the input to the SCADA system has no security, how can the SCADA system be secure? This isn’t just a solar farm issue.

Wind turbines often have no cyber security and have been hacked. However, as solar and wind farms may not rise to the level of NERC CIP reporting requirements, renewable resources cyber incidents may not be reported. Additionally, controlling renewable resources is very complicated and requires advanced control techniques that are very sensitive to the sensor input. Consequently, renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats.

This article was published originally here and is republished with the permission of Joseph Weiss. 

joseph-weiss-authorThe article was written by Joseph Weiss, an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.