Friday, November 22, 2013

Microgrids and Security -- More News...

For the past three days I've been attending and speaking at the 3rd Military and Commercial Microgrids Summit in Del Mar, California -- just north of San Diego.  I was invited to speak on a panel entitled "The Role of Microgrids in Military and Commercial Cyber Security" as a result of my article in Jesse Berst's Smart Grid News about this subject back in May.

Overall, this was a very interesting conference organized by Infocast that included a pre-summit technology showcase reviewing microgrid technologies followed by a day and a half summit.  There were approximately eight case studies, seven panel discussions, 11 presentations and over 115 registered attendees.  The topics ranged from microgrid controls and inverters through to commercializing and financing microgrids.  The next microgrid summit is slated for the U.S. East Coast in May 2014 and I'd highly recommend you consider attending due to its content and how well this recent conference was organized.

Now regarding security of microgrids -- the conference dialogue was very refreshing.  Of note, the first three presentations by San Diego Gas & Electric, PriceWaterhouseCoopers and IPERC highlighted the need to include cyber and physical controls in the microgrid deployments.  The IPERC presentation was especially interesting from a controls security perspective in that the microgrid controller communications they have developed are intended to be secure.

The best discussion regarding efforts to overtly include cybersecurity into microgrid deployments was the session on SPIDERS -- an effort paid by the US Department of Defense and led by Sandia National Labs.  As you can see in the graphic below from Sandia Labs, the SPIDERS effort includes four phases and cybersecurity is an intended foundation for these deployments at Joint Base Hickam, Hawaii; Fort Carson, Colorado; Camp Smith, Hawaii; and future deployments.

So, the good news is that I am not the lone voice in the forest worrying about microgrid security; however, it still has a long ways to go -- in my opinion -- before the security elements are built into the microgrid designs and deployments as a standard operating process.

So, what needs to be done?  Here are some ideas:

1)  Build a cybersecurity standard for microgrids that weaves in physical, IT, and Industrial Controls/OT security elements.  Perhaps an extension of NISTIR-7628, Guidelines for Smart Grid Cybersecurity, may be a good start.

2)  Leverage the work done by Sandia Labs in their Microgrid Cyber Security Reference Architecture.

3)  Establish some training modules on microgrid security -- perhaps this could be done under sponsorship of the Electric Power Research Institute (EPRI) or other similar organization to assure vendor neutrality.

It was obvious from the conference that we will be hearing more about microgrids in the future -- let's hope the news is about their cybersecurity resilience rather than weaknesses.

PS -- Happy Thanksgiving to my US readers!  Have a safe week!