Connect with us

Hi, what are you looking for?

CleanTechnica

Clean Power

Microgrid Cybersecurity Tightens With Standards Adoption

Hackers targeting the electrical grid, your local utility, or the solar microgrid your home is linked into will have a harder time disrupting your electrons in the near future. Manufacturers of electronic equipment used in smart homes, in microgrids, and in utilities are beginning to adopt a set of cybersecurity standards set out by the Underwriters Laboratory. At the same time, manufacturer-sponsored test hacking is helping to drive more frequent —and more secure — firmware and software upgrades.

Hackers targeting the electrical grid, your local utility, or the solar microgrid your home is linked into will have a harder time disrupting your electrons in the near future. Manufacturers of electronic equipment used in smart homes, in microgrids, and in utilities are beginning to adopt a set of cybersecurity standards set out by the Underwriters Laboratory. At the same time, manufacturer-sponsored test hacking is helping to drive more frequent —and more secure — firmware and software upgrades.

Common points of vulnerability in microgrids, which are becoming indispensable generation sources for the US grid, are wired and wireless communications devices used to control — read shut down — monitor, repair, and reboot a system or a piece of equipment within the system.

Image: Eaton

“A distributed architecture in the energy space would be like having many smaller energy grids (read: microgrids) instead of a single, monolithic grid. With many microgrids, we go from a single point of failure to many points of failure. That might sound bad at first, but a system with many points of failure is more resilient than one with a single point of failure,” observes Christian Zdebel, a cybersecurity consultant at SilverSection.

“For example, If each U.S. state had its own power grid, a bad actor would have to take down 50 state-level grids to disrupt the whole country. Fifty (hypothetical) state-level microgrids, however, also increase the ‘attack surface,’ or the opportunities for intrusion and disruption from bad actors in cyberspace,” Zdebel says. “Increased resilience through microgrids demands that each microgrid operator adopts a sufficiently strong cybersecurity posture,” he adds.

While the utilities are routinely on the lookout for “bad actors” seeking to hack the big grid, microgrid operators must do the same for their equipment on a much smaller budget. Thus microgrid operators and individual smart home owners will seek to relegate the task to their equipment providers — if the chosen provider is proactive in this space.

For example, the communications ports of smart home controllers, which are common in microgrids, are a weak spot. On December 5, Eaton sent out a notice to owners of its xComfortSmartHomeController, alerting that a “potential vulnerability” had been detected, and that a new firmware download would cover the nominal breach.

Eaton is one of the electrical component and system manufacturers cooperating on cybersecurity and testing practices with UL, the global safety consulting and certification company headquartered in Northbrook, Illinois.

UL came out with the first edition of a cybersecurity standard in July 2017, the UL Standard for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements, UL 2900-1, which was published as an ANSI (American National Standards Institute) standard.

This UL standard “applies to network-connectable products that shall be evaluated and tested for vulnerabilities, software weaknesses and malware and describes: (a) requirements regarding the software developer (vendor or other supply chain member) risk management process for their product; (b) methods by which a product shall be evaluated and tested for the presence of vulnerabilities, software weaknesses and malware; and (c) requirements regarding the presence of security risk controls in the architecture and design of a product,” UL says.

The UL Cybersecurity Assurance Program (UL CAP) also aims to minimize risks by creating standardized, testable criteria for assessing software vulnerabilities and weaknesses. This in turn helps reduce exploitation, address known malware, enhance security controls and expand security awareness, UL explains.

“We seek to help manufacturers, their customers and other stakeholders mitigate security risks through science-based assessment and evaluation,” said Ben Miller, president of the Commercial and Industrial business unit of UL,” in a statement earlier this year.

Eaton is the only company in the industry to have two labs approved to participate in UL’s Data Acceptance Program for cybersecurity, which includes the Eaton cybersecurity research and testing facility in Pittsburgh, the first lab approved to participate in UL’s program, the company says. Recently, Eaton’s innovation center in Pune, India was added to the program, and can also test global products under specs of the UL.

Another way Eaton is pro-actively assuring the security of its devices is through the work of its new Eaton Cybersecurity SAFE (Security Assessment and Forensic Examination) Lab at Rochester Institute of Technology (RIT), which provides students with hands-on experience in solving cybersecurity challenges.

“Eaton’s proactive and consistent enterprise-wide approach to cybersecurity provides customers with confidence that our digital solutions meet rigorous testing standards to operate securely worldwide,” said Michael Regelski, senior vice president and chief technology officer of the Electrical Sector at Eaton, in a November statement.

 

Advertisement
 
Appreciate CleanTechnica’s originality? Consider becoming a CleanTechnica Member, Supporter, Technician, or Ambassador — or a patron on Patreon.
 
Have a tip for CleanTechnica, want to advertise, or want to suggest a guest for our CleanTech Talk podcast? Contact us here.

Written By

Charles specializes in renewable energy, from finance to technological processes. Among key areas of focus are bifacial panels and solar tracking. He has been active in the industry for over 25 years, living and working in locations ranging from Brazil to Papua New Guinea.

Comments

You May Also Like

Clean Transport

Members of the electric vehicle (EV) industry gathered at the National Renewable Energy Laboratory (NREL) in early April to evaluate enhanced cybersecurity for the...

Cleantech News

Why I believe the EARN IT act is something we should all oppose.

Clean Power

The Cybersecurity Value-at-Risk Framework Allows Hydropower Operators To Assess Their Risks and Make Informed Investments for Enhanced Cybersecurity

Batteries

Not long ago, 100% renewable energy was a distinction reserved for remote communities avoiding costly energy imports. But now, some U.S. states are reaching very...

Copyright © 2021 CleanTechnica. The content produced by this site is for entertainment purposes only. Opinions and comments published on this site may not be sanctioned by and do not necessarily represent the views of CleanTechnica, its owners, sponsors, affiliates, or subsidiaries.