The world is changing rapidly as renewable energy penetration increases. Declining renewable energy costs mean it could be feasible to power the U.S. on 90% clean electricity by 2035, according to a study by UC Berkeley and GridLab. Rapid adoption of non-carbon fuel sources is a trend that seems likely to continue for the foreseeable future.
At the same time, the world is becoming less secure. Cybersecurity threats to operational technology and inverters, which are increasingly Internet-connected to help run the electric grid, are escalating. Atlas VPN reports that cybercrime totals $1.5 trillion in revenue annually — that’s three times the annual revenue of Walmart. In short, cybercrime is a lucrative career for hackers.
When it comes to utility-scale solar plants, Internet-enabled smart inverters are especially at risk because they communicate with the grid to perform management functions. There’s potential for hackers to tap into these inverter communications, throwing the grid voltage out of control, which could lead to brownouts or blackouts. The potential for damage is especially alarming when compounded with the increasing frequency of natural disasters.
Research labs and inverter manufacturers are taking steps to ramp up cybersecurity within the inverter itself. However, the flow of information on the grid is complex. There are market and load management systems that communicate with balancing authorities connected to utilities. These systems tap into project supervisory control and data acquisition (SCADA) systems and, finally, the power plant controller (PPC). This leaves a lot of links within the chain vulnerable to cybersecurity risk.
Is there a solution to mitigate risk effectively? One approach is to introduce cybersecurity protection at the renewables power plant control level. Alleviating breach risk within solar plant communications helps protect the inverter and, therefore, the solar plant and grid as a whole.
Protecting the inverter through solar plant controls
First, it helps to understand some basic solar plant operations and architecture. Power plant controls consist of software and hardware, including a PPC and SCADA system. Site operators use a PPC to control plant behavior like production levels, revenue, compliance and grid stability. The PPC communicates with the plant’s SCADA system and field devices like inverters over a power plant network using industry-standard communication protocols like Modbus, TCP or DNP3. The SCADA system serves as a security gateway that allows or restricts the flow of information between the plant and inverter networks.
The hardware and software associated with the plant control and SCADA systems are housed within an enclosure in a substation outside of the solar plant. They connect to the inverter and other field devices through a network of fiber-optic cables.
Attacks can occur anywhere along the plant architecture. Hackers can embed malware on the inverter’s communication board, plug into the port of the enclosure that hosts the fiber-optic cables or infiltrate the plant control network. Such events can jeopardize the plant’s reliability by tripping a circuit breaker at the point of interconnection or curtailing inverters to disrupt power generation, rapidly affecting the project’s power output. Even more damage could be done by controlling the inverter’s reactive power injection or absorption, leading to grid voltage spikes or drops.
So what’s to be done?
As inverter manufacturers work to strengthen security directly within the inverter’s communication board, added protection along the power plant control system creates further safeguards. For example, an intrusion alarm can signal operators through the SCADA system if the door to the fiber optic network enclosure has been opened. Operators can also include a list of authorized users to restrict access to plant controls according to IP addresses. It’s even possible to define what type of device is allowed to exchange information in a network port and instruct the system to block anything else.
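The two access rules described above (an allowlist of operator IP addresses, and a per-port restriction on device type) can be expressed as a default-deny policy check. The following is an added example, not code from Merit Controls or any plant control product; the addresses, switch port names, MAC addresses and the commissioning inventory are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample policy: every address, port name and MAC is illustrative.
OPERATOR_ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.20.0.0/28", "10.20.5.17/32")]
PORT_PROFILE = {"sw1/1": "inverter", "sw1/2": "inverter", "sw1/8": "met_station"}
# MAC -> device type as recorded at commissioning (assumed inventory source).
ASSET_INVENTORY = {"02:00:00:00:00:01": "inverter", "02:00:00:00:00:02": "met_station"}

def check_operator(src_ip):
    """Allow access to plant controls only from allowlisted addresses."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, f"malformed source address {src_ip!r}"
    if any(addr in net for net in OPERATOR_ALLOWLIST):
        return True, "source on operator allowlist"
    return False, f"{addr} not on operator allowlist"

def check_port(port, mac):
    """Allow a device on a switch port only if its type matches the port profile."""
    expected = PORT_PROFILE.get(port)
    if expected is None:
        return False, f"port {port} has no profile (default deny)"
    actual = ASSET_INVENTORY.get(mac.lower())
    if actual is None:
        return False, f"unknown device {mac} on {port}"
    if actual != expected:
        return False, f"{actual} seen on {port}, expected {expected}"
    return True, f"{actual} permitted on {port}"

def audit(events):
    """Return (event, reason) for every event the policy would block."""
    blocked = []
    for ev in events:
        if ev["kind"] == "login":
            ok, reason = check_operator(ev["src_ip"])
        else:  # "link_up": a device appeared on a switch port
            ok, reason = check_port(ev["port"], ev["mac"])
        if not ok:
            blocked.append((ev, reason))
    return blocked

SAMPLE_EVENTS = [  # constructed events, not captured from a real plant
    {"kind": "login", "src_ip": "10.20.0.5"},
    {"kind": "login", "src_ip": "203.0.113.40"},
    {"kind": "link_up", "port": "sw1/2", "mac": "02:00:00:00:00:02"},
    {"kind": "link_up", "port": "sw1/8", "mac": "02:00:00:00:00:99"},
]
```

Calling `audit(SAMPLE_EVENTS)` returns the three events that fall outside the policy, each with the reason an operator would see in the alarm.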
As an added measure of protection, Merit Controls also recommends security methods more specific to inverters, such as separating each device’s IP network so that one inverter can’t ‘talk’ directly to another. All communication must occur through the secure SCADA system, which filters traffic. A plant control system also continuously monitors inverter configurations — manufacturer programs for how to regulate frequency, voltage ride-through and more on a specific site. Hackers could potentially change these values and jeopardize the plant’s reliability, but the right renewables plant control systems will alert operators immediately if a change is detected.
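The configuration monitoring described above amounts to comparing each inverter's reported settings against an approved baseline on every polling cycle. The following is an added example, not Merit Controls' implementation; the parameter names, values and inverter IDs are assumptions constructed for illustration, and a real system would read the settings over the plant's own protocol.

```python
MISSING = "<absent>"  # marker for a parameter present on only one side

# Approved settings recorded at commissioning. Constructed sample: the parameter
# names and values are illustrative, not taken from a real inverter model.
APPROVED = {"freq_trip_high_hz": 61.8, "freq_trip_low_hz": 57.0,
            "lvrt_min_voltage_pu": 0.45, "q_mode": "volt_var"}
BASELINE = {"INV-01": dict(APPROVED), "INV-02": dict(APPROVED), "INV-03": dict(APPROVED)}

def diff_settings(approved, polled):
    """Return (parameter, approved_value, polled_value) for every difference."""
    changes = []
    for key in sorted(set(approved) | set(polled)):
        want, got = approved.get(key, MISSING), polled.get(key, MISSING)
        if want != got:
            changes.append((key, want, got))
    return changes

def detect_drift(baseline, snapshot):
    """Compare one polling cycle against the baseline; return alerts per inverter."""
    alerts = {}
    for inv, approved in baseline.items():
        if inv not in snapshot:
            # Silence is also a finding: the device may be offline or isolated.
            alerts[inv] = ["no configuration returned this cycle"]
            continue
        changes = diff_settings(approved, snapshot[inv])
        if changes:
            alerts[inv] = [f"{k}: approved {w!r}, device reports {g!r}"
                           for k, w, g in changes]
    for inv in sorted(set(snapshot) - set(baseline)):
        alerts[inv] = ["device is not in the approved baseline"]
    return alerts

# Constructed polling result: INV-02 has two altered values, INV-03 did not
# answer, and INV-09 is a device nobody registered.
SNAPSHOT = {
    "INV-01": dict(APPROVED),
    "INV-02": {**APPROVED, "lvrt_min_voltage_pu": 0.9, "q_mode": "fixed_q"},
    "INV-09": dict(APPROVED),
}

if __name__ == "__main__":
    for inv, msgs in sorted(detect_drift(BASELINE, SNAPSHOT).items()):
        for msg in msgs:
            print(f"ALERT {inv}: {msg}")
```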
Another recommendation is to use ring communication protocols for fault redundancy. Ring protocols dictate how field devices like inverters are connected to communicate — in this case, in a ring rather than in a linear configuration. This means that if one inverter is down for maintenance, the rest of the network can still communicate, so a single point of failure does not disconnect the whole system.
We recommend using standard naming conventions and communication protocols (media redundancy protocol (MRP) for ring topology; OPC UA, Modbus or DNP3 protocols for SCADA system filtering; IEC 61131-3 for a vendor-independent programming language; etc.) because proprietary or third-party protocols can introduce more risk. Standards widely accepted by the industry make it easier to audit the plant and troubleshoot issues to ensure long-term project success.
Future-proofing against attacks
As cybersecurity threats only continue to proliferate, security officials are adjusting existing cybersecurity programs. For example, the North American Electric Reliability Corporation (NERC) recently partnered with the U.S. Department of Energy on two pilot projects within the organization’s Cybersecurity Risk Information Sharing Program (CRISP) to capture data from SCADA and industrial control systems. NERC plans to use this data to help monitor for hacking and strengthen grid security. Also, NERC’s Electricity Information Sharing and Analysis Center (E-ISAC) is working to guard against malicious activity on utilities’ business networks.
The pilots help advance how CRISP collects and shares information, and should help identify threats to utilities’ industrial control systems by capturing “raw and/or refined operational technology data” and comparing it with data that utilities send to them.
On behalf of our clients, Merit Controls monitors daily ICS-CERT alerts from the Cybersecurity & Infrastructure Security Agency to stay updated on new vulnerabilities and attacks. We recommend project stakeholders do the same. Making sure the SCADA and PPC firmware is always up to date is important too.
It’s hard to say what the next cyberattack on power generation systems will look like, or where it will come from. What we do know is that taking security measures now will ensure the best possible protection for inverters and other important solar plant components. At Merit Controls, safeguarding the components that power our grid is not only our ethos, it is also our responsibility as a vendor in this industry. A smart cybersecurity framework will protect solar and other distributed energy resources, ensuring the security of our critical infrastructure and enabling the advancement of a cleaner, secure and more resilient grid.
Tom Kuster is the CEO of Merit Controls. Merit has teamed up with Sungrow to provide turnkey technology solutions to address cybersecurity concerns.
— Solar Builder magazine