Keys to Securing Distributed Energy Resource Management Systems (DERMS)
In This Article
Global energy generation is increasingly becoming digitalized and diversified. With the boom of investments in solar, wave and wind energy generation, the number and variety of sources generating power is expanding exponentially.
The manual decisions grid operators must make every few minutes can impact millions of people. Take the August 2003 blackout, for example; it caused a measurable dip in US Gross Domestic Product. Even in situations with limited energy suppliers and minimal variability in the type of energy being generated, grid operators are constantly required to handle high-stress situations. The growing operational complexity we're seeing is making it nearly impossible for human operators to continue manually managing the grid.
Distributed Energy Resource Management Systems (DERMS) are hardware and software-based platforms that provide the ability to continuously manage diverse and dispersed Distributed Energy Resources (or DERs, e.g., solar, wind, electric vehicles, energy storage), either individually or collectively. DERs contributes to and takes from larger grids. A DERM enables real-time communication--through sensors and receivers--and management across the DERS and the larger grid of which they are connected. The grid itself is operated by a public utility, municipal utility or investor-owned utility (IOU).
DERs are often owned and operated by third parties, and, unlike public utilities and IOUs, they are not currently governed by NERC CIP reliability standards, though that may change. DERS are also heavily impacted by externalities (i.e., weather) that are not directly monitored by the public utility or IOU. These differences, from historic grid operations, bring with them new and concerning cybersecurity challenges.
Automation and orchestration are absolute necessities for scaling IT organizations, but unless systems are all implemented correctly, errors may spiral on the backend. In other words, when a process is automated, there becomes fewer points for a human to recognize and stop or reverse a malfunction or issue, which may then surmount into further challenges.
Additionally, low-latency requirements pose challenges for implementing cybersecurity functions, reducing options to thwart attacks.
The reliance on third-party data to effectively manage grid expansion is another reason for increased vulnerabilities. Some examples of the data include:
- Current weather and forecasts
- Energy demand forecasts
- DER generation asset status
- ADMS (advanced distribution management systems) integration
Other third parties, such as the companies that own and manage the DERs generation and storage assets, may require grid access. Remote assets are often not owned by the IOU and not regulated by NERC, limiting the IOU's ability to directly enforce physical security, increasing reliance on, and susceptibility to, these third parties. Examples include:
- Private solar or wind farms
- Residential solar panels and batteries connected to private Wi-Fi
- Energy generation entity
Regardless of where the grid is located, the technology and services partners, including original equipment manufacturers (OEMs), are often global. This means that remote support may be coming from international locations, which can pose issues due to specific restrictions regulating international support.
There is speculation that NERC will expand its coverage. Potential future compliance should be considered.
As with any connected industrial environment, there are several security controls that entities should implement or enhance to ensure risk remains in check.
This is one of the most important security measures to ensure proper control of communication between assets. Deny all communications by default and allow by exception. Ensure there is no direct communication from a critical asset to a third party or direct communication from a third party to a critical asset.
Software defined networking can be used to dynamically change network, e.g., moving target defense (respond).
Any required communications with a third party should utilize an intermediary device to stage data or act as a proxy for external communications. Staged data for consumption by the critical asset should be verified to ensure integrity.
Data traversing untrusted (or lower security) networks should be protected (e.g., encrypt in transit).
Situational awareness is a very important aspect of a robust detection and response program. Ensure critical systems are inventoried and audited periodically, communications are baselined, and that an ICS intrusion/anomaly detection system is in place. Understanding the process and protocols is paramount, as traditional intrusion detection systems lack the capability to inspect industrial protocols.
Access control ensures that only authorized users (internal and remote) can access critical systems. For industrial environments, a separate authentication mechanism (vs. enterprise) should be used to ensure an enterprise compromise does not result in a critical system/asset compromise. Employ two-factor authentication and prohibit the use of shared accounts.
Physical security is an important consideration, especially for remote assets. Ensure that physical access controls are in place to protect assets and communications equipment. Loss of physical control of an asset can result in a cybersecurity incident.
Implement NERC-CIP requirements on assets that fall within the scope of regulation and implement NERC-like program (architecture/controls) to ensure future-proofing the environment in cases where NERC-CIP is not a requirement.
The complexities of securing DERMs are real and growing, but grid operators do not need to solve these challenges alone. WWT serves more than 70 energy and utility providers, helping to improve customer and worker experiences, optimize operational visibility and efficiency, and strengthen their security postures.