Challenges to Securing Information in the Next-Generation Electric Grid

If I asked you to envision the electric grid, you would probably think of a big, complex, physical system with lots of steel, copper, and concrete: towers, wires, transformers, and power plants. But the electric grid is also a vast, complex information system: data about the state of grid components, operational commands, and coordination messaging constantly flow back and forth among grid devices, control centers, and other grid nodes. As we modernize America’s electric grid by implementing digital controls, integrating distributed generation sources, and adding cloud-connected loads at scale, an information security breach can be just as disruptive to the grid as a breakdown of its physical components. The next generation grid must be cybersecure (resistant to such breaches) and cyber-resilient (easily recoverable from these breaches when they do occur).

In honor of Cybersecurity Awareness Month, I would like to highlight some challenges to protecting information flows on the electric grid and share some of the important work we are doing in the Office of Electricity (OE) to achieve the goal of a secure and resilient grid. In addition to incorporating “secure by design” solutions into every aspect of our work, our Grid Controls and Communications Division manages the SecureNet program focused on architecting the critical communications systems that underlie grid operations.

A secure communications system protects the end-to-end pathway that transports data from one point to another. On the electric grid, this pathway may involve different transmission methods, such as optical fiber, copper wire, and microwaves; it transports a variety of data, including grid state information and control messaging; and it carries a variety of analog and digital message formats. Securing this end-to-end communications pathway involves preventing unauthorized access and monitoring traffic to identify anomalous activity without compromising the confidentiality, integrity, or availability of the data. Communications security methods complement cybersecurity approaches used to protect data at its origin and destination.

Securing grid communications is challenging, as OE outlined in a recent series of white papers. Our first paper discusses ways that the grid is changing and implications for grid communications. The “legacy” electric grid operated as a centrally controlled system delivering power unidirectionally from large generation plants to customer loads, which generally followed predictable patterns. The evolving grid is much more distributed, with increasing numbers of customer-owned generators (e.g., solar panels), battery banks, and smart loads that can modulate their consumption based on grid conditions (e.g., electric vehicle chargers and building climate control systems). Power flow—and hence information flow—is no longer unidirectional. Grid communications systems must deliver data with higher volume, velocity, variety, and veracity—and from more sources—than ever before.

Our second paper highlights both the value and risks of integrating data from these Distributed Energy Resources (DERs) at the grid edge into distribution and bulk power system operations: it will enable better coordination and efficient grid operation, but it will also potentially expose traditionally isolated operational technology networks to vulnerabilities in consumer-grade commodity information technology.

The third paper describes how, in light of these changes, the electric grid is increasingly dependent on commercial communications networks outside of electric utility ownership and control—and how telecommunications providers are also dependent on the grid. Lack of coordination between these two sectors can exacerbate the ability to maintain reliability and conduct effective recovery on both types of systems.

The fourth paper notes the variety of communications protocols in use on the grid today, the lack of a harmonized, coherent architecture to ensure secure communications, the different regulatory structures that apply to different portions of the power system, and the tension between cost competition and implementing robust security.

Secure and reliable power delivery requires interoperable, secure communications to facilitate integrated coordination and control of grid assets from the grid edge through the distribution system to the bulk-power system. The white papers highlighted here will motivate further discussion around how we achieve this goal, but they already reveal several common themes that hint at the direction we must take in designing and implementing the next-generation grid communications architecture:

• The changes to the grid trend towards decentralized, market-driven evolution rather than traditional, centralized planning and operation. No single owner controls the entire communications path.
• Information requirements can change to support new use cases.
• The pace of change on the grid is much faster than traditional utility planning processes.
• In a market-driven environment, communications security must compete with other priorities and demonstrate value.
• Securing grid communications is a team sport, requiring participation from electric utilities, communications providers, investor- and customer-owned DERs, system operators, equipment vendors, and regulators.

Through SecureNet, OE will bring stakeholders together to discover gaps, identify needs, and explore how secure communications can enable new capabilities for the electric system of the 21st century. Please consider participating in a series of Department of Energy-sponsored webinars, workshops, and conferences in 2024 and beyond to drive consensus toward an innovative, cost-effective, and secure architecture for grid communications.

Click here to access more of our research reports.