DESC0023752

The level of distributed energy resources – small-scale energy sources sending power to the bulk power system, such as rooftop solar panels – is dramatically increasing, posing a cybersecurity risk for America’s power grid. Distributed energy resources greatly increase the number of devices that are owned and controlled by consumers and third parties, with a significant dependency on digital communication and control, a point of exposure for cyberattacks. Such attacks can prevent a utility from performing necessary control actions and have catastrophic consequences, harming grid reliability and stability, affecting public safety, and incurring large costs to respond to a cybersecurity incident. In 2022, the leading North American electric power reliability entity reported that distributed energy resources are often internet-connected and have little or no cybersecurity requirements. A Department of Energy report calls for addressing cybersecurity threats as a “designed-in” consideration for distributed energy resources.Current encryption and authentication solutions are insufficient, as a vast majority of distributed energy resources lack sufficient built-in authentication mechanisms. Current firewalls and network monitoring tools are not equipped to handle the custom engineered nature of the operational technology network and run on commodity operating environments, exposing a wide attack surface and single points of failure, susceptible to botnet and other attacks.The proposed provably secure, modular, distributed energy resource monitoring framework will utilize mathematically-backed, secure, network monitoring that is immune to entire classes of adversarial attacks, such as spoofing and flooding, that impact security and reliability. This provably secure, modular, distributed energy resource monitoring approach will effectively eliminate the single point of failure for monitoring and provably guarantees that communication to and from a distributed energy resource is isolated, attributable and always passed through an associated analytic stack on the monitoring domain before being forwarded. This provides the “designed-in” guarantee that a malicious distributed energy resource will be unable to bypass its network traffic analysis/enforcement. This in turn will help accurately visualize and integrate distributed energy resources within a complex operational technology environment and log information about tamper-proof assets.Provably secure, modular, distributed energy resource monitoring and attribution will help ensure safe, large-scale integration of distributed energy resources into the power grid through providing ironclad, mathematically-backed cybersecurity, without degrading grid reliability, stability or performance.