Renewable resources can increase cyber threats

July 22, 2018
Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats as utility-scale solar facilities can utilize hundreds of thousands of solar panels with little to no cyber security.

Renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats despite the prevailing view by many that renewable resources can reduce the cyber threat to electric utilities. I did a walkdown of several utility-scale solar facilities. Consider your roof-top solar system and multiple that by hundreds of thousands of solar panels and invertors. The solar facilities I visited utilized hundreds of thousands to millions of solar panels. The panels had sensors and invertors while rows of panels had PLCs to adjust the angle of the solar panels (think major IOT implementation). The net result is for the same megawatt output, a solar facility can have SIGNIFICANTLY more Input/Output (I/O) than a comparable fossil power plant (an analogy would be monitoring each lump of coal going into the boiler). The I/O is electronically monitored. Therefore, the generation side of the solar facility can be significantly more cyber vulnerable than a comparable fossil plant. The switchyard (substation) is the same for any power plant as the switchyard does not distinguish what has generated the voltage. The transformers in the switchyard for any type of power plant can include sensors for monitoring load tap changer positions, bushing monitors, gas analyzers, and winding temperatures. None of these sensors are cyber secure nor are the current transformers (CTs) and potential transformers (PTs) providing input to the transformer protection systems (process sensors are outside scope for the NERC CIP standards). Since the input to the SCADA system has no security, how can the SCADA system be secure? This isn’t just a solar farm issue. Wind turbines often have no cyber security and have been hacked. However, as solar and wind farms may not rise to the level of NERC CIP reporting requirements, renewable resources cyber incidents may not be reported. Additionally, controlling renewable resources is very complicated and requires advanced control techniques that are very sensitive to the sensor input. Consequently, renewable resources are good for the environment and reduce consumer costs but they are not a panacea to reducing electric grid cyber threats.

Joe Weiss