March 5th of this year marked the first known cyberattack targeting the U.S. renewable energy industry. New details released this month highlight the simplistic nature of the attack, showcasing the difficulty of providing strong protection for IIoT connected distributed generation resources.
The historic attack caused a generator in the western United States, sPower, to temporarily lose visibility of some parts of its system. sPower is the country’s largest private owner and operator of solar energy. According to NERC’s analysis, an external entity exploited a known firewall vulnerability at one of the utility’s vendors, allowing an unauthenticated attacker to cause unexpected device reboots over the course of 12 hours, and causing communications outages between field devices and the control center. This outage ultimately limited system visibility into 500 MW of wind, with potential for significant loss across three states.
NERC is urging all utilities to use layered defense and employ redundancies for resilience. Distributed energy resources (DERs) are essential assets when it comes to utilities and states meeting clean energy regulatory mandates. However, DERs are remotely operated and directly connected to wide area networks, making them a prime target for attack, especially without mandated industry specific security regulations or requirements. Many DER providers are overly reliant on network access control via firewalls, shared or manufacturer-based credentials and unencrypted passwords. Despite the technological advancement of generation and storage technologies, many solutions use older insecure industrial protocols for operational control. If compromised, DERs can disrupt the operations of the grid, especially around population centers, with significant consequences.
By embracing an application level security solution for DER assets, that continues to protect even if the network is compromised, utilities and DER energy providers can create fine-grained security policies for multi-party and machine to machine interaction while preventing unauthorized access. The Xage Fabric provides universal access control for DER operations, extending protection to millions of previously exposed industrial devices and control systems. The solution secures interactions between the control center and the edge, and protects interactions between DER components regardless of asset type or protocol in use. The Xage Security Fabric also quarantines rogue devices that make unauthorized attempts to compromise the system.
With the growing sophistication of cyberattacks and the increased adoption of DERs, it is no longer an option to deploy minimal, or no, security controls. Utilities and DER asset owners have a responsibility to protect DER assets to ensure grid reliability and resiliency as they would other distribution assets. The industry can start by creating or updating security requirements documented in the utility’s interconnection handbook, and by ensuring all interactions with (and within) DERs are secure. Doing so will enable them to harness the economic and societal benefits of renewable energy.