
Grid enhancing technologies: How to manage new cybersecurity risks


Grid enhancing technologies (GETs) like DLR offer tremendous advantages to network operators and consumers. But, if implemented incorrectly, they can potentially introduce new vulnerabilities to cyberattacks, writes Faraz Khan, principal enterprise architect from Ampacimon.

GETs live up to their name: they're intelligent and efficient. They offer unprecedented advantages to do things better, maximising network asset value while maintaining reliability. Dynamic Line Rating (DLR) is one way of using GETs to unleash transmission capacity that is often hidden in plain sight.

Established safety margins for transmission capacity are typically based on the most extreme conditions to ensure reliability in all weather conditions. Utilities can establish safe limits by considering physical and thermal loads, coupled with data on weather conditions and an understanding of the materials transmission conductors are made from. For example, higher temperatures can change the tensile strength of materials, while wind can aid in cooling conductors.

Asset optimisation is possible with wind and weather data, smart sensor devices, and software providing accurate real-time insights into line conditions. By using DLR systems, power lines can transport up to 40% more power than possible under standard operating conditions. This compares with capacity gains of perhaps 5-10% when using the simpler Ambient Adjusted Ratings model.

While the benefits of additional transmission capacity are obvious and substantial, perhaps less clear are the potential vulnerabilities associated with some network sensor technologies. Without adequate protection, systems can be open to common threats, including unauthorised system access (potentially leading to malware injection such as ransomware), denial-of-service attacks, and data manipulation (such as altering sensor readings).

The consequences of poor cybersecurity for grid assets could be substantial. Where security has been compromised, DLR systems could be used to misrepresent line capacity. This may result in unnecessary load shedding and in overstated transmission capacities, pushing lines beyond their thermal limits, which could ultimately lead to failures or safety-related incidents.


Big data, big challenge

Clearly, for the analysis that underpins DLR to succeed, large volumes of data must be transmitted in real time. DLR relies on two primary data sources: the weather provider sending real-time forecasted ambient temperature, wind speed, wind direction, and solar irradiance, and the line sensors measuring the conductor temperature, sag, and wind characteristics. Key factors in delivering optimal asset outcomes include the availability of precise weather data, reliable and accurate sensor measurements, and robust thermal models of individual conductors. The conclusions drawn from sophisticated DLR analysis must then be integrated into Energy Management Systems (EMS) and market systems to deliver actionable outcomes and tangible benefits to utilities and customers.

However, much of this critical raw data is derived using equipment that is ultimately connected to the internet. Given that multiple real-time data transfers must take place for the DLR system to operate, cybersecurity is crucial. Not only does the integration of sensors and communication networks create multiple routes for cyberattacks that must be secured, but the very nature of DLR systems presents particular security challenges. Transmission lines and the sensor systems used to monitor them are frequently located in remote areas. This DLR equipment is thus broadly distributed, while devices deployed in the field such as line sensors and weather stations are also often left vulnerable to physical tampering and remote cyberattacks.

Focus on cybersecurity

To prevent cybersecurity breaches, users must consider both physical and digital protection. A range of measures must therefore be adopted as part of a holistic approach to security, so that vulnerabilities are addressed at every stage and critical data is secured. Meanwhile, endpoints such as sensors must be protected with robust authentication, encrypted communication, and regular security updates. To prevent unauthorised access, all field-deployed equipment should incorporate tamper-resistant features and continuous monitoring to detect any anomalies generated by external interference. Real-time intrusion detection systems can respond to cyberattacks as they emerge and before any disruption to operations.

Real-time data streams to central management systems must also be protected against attacks and data manipulation. Users must think pragmatically about cybersecurity and make suitable choices based on their unique needs. For example, the rating calculation engine may be hosted on the premises or as a cloud-based model. The choice between cloud-based or on-premises security is complex and can only be made with a deep dive into operational requirements and security priorities. For on-premises security, each business owner will own all the equipment, which is physically secure behind locked doors and security personnel, for example. While this means nothing is hosted online and the potential routes to access are thus limited, operational costs are typically much higher than for the cloud-based alternatives.

Adopting solid measures for continuous improvement in cybersecurity is a tried-and-true mechanism for maintaining robust security in an evolving threat landscape. For example, plan, do, check, and act (PDCA) is a common four-step project management framework that can help identify and address emerging security threats. An iterative process, PDCA helps establish clear security objectives and build a process for introducing appropriate measures. These security decisions are then tested to assess the outcomes. Any improvements are implemented, and the cycle is repeated.

The primary function of cybersecurity in the context of DLR is to isolate critical data and prevent unauthorised manipulation, using read-only access protocols with minimal scope for data writing, for instance. However, not all data is vital. The substations' location and conductor routing are often already in the public domain and can easily be found online with a simple search. To inform a cybersecurity strategy, DLR users should consider the worst-case scenario and analyse the consequences of any potential intrusion. This exercise will then inform the appropriate security considerations that are required. While ensuring that data used for dynamic ratings is authentic and unaltered and retains its integrity, the need for rapid data flow and operational flexibility must be balanced with robust security checks and potential cybersecurity exposure. Cybersecurity must be built into every layer of the DLR system, but this evaluation must be designed to ensure that continuous operation of the measurement and control systems is possible.
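One way to apply the integrity requirement above at the point where sensor data enters the rating calculation engine, as an added example that is not from the article or any vendor's product: each message is authenticated, checked for freshness, replay and physical plausibility, and the published rating falls back to the static value when a check fails so operation continues. The field names, key handling, thresholds and 1,000 A static rating are assumptions; the 1.4 ceiling reuses the article's "up to 40%" figure.

```python
import hashlib
import hmac
import json

# All values below are assumptions chosen for illustration.
STATIC_RATING_A = 1000.0       # conservative static rating (amperes)
MAX_DLR_FACTOR = 1.4           # ceiling based on the article's "up to 40%" figure
MAX_AGE_S = 300                # older telemetry is treated as stale
TEMP_RANGE_C = (-40.0, 120.0)  # plausible conductor temperature window
MAX_TEMP_STEP_C = 15.0         # largest plausible change between samples

def sign(key: bytes, payload: bytes) -> str:
    """HMAC-SHA256 tag a sensor would attach with its per-device key."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def accept_reading(key, payload, tag, now, last=None):
    """Return (reading, reason); reading is None when the message is rejected.
    last is (seq, conductor_temp_c) of the previous accepted reading."""
    if not hmac.compare_digest(sign(key, payload), tag):
        return None, "bad-mac"             # altered in transit or wrong key
    r = json.loads(payload)
    if abs(now - r["ts"]) > MAX_AGE_S:
        return None, "stale"
    if last and r["seq"] <= last[0]:
        return None, "replay"              # sequence number must increase
    t = r["conductor_temp_c"]
    if not TEMP_RANGE_C[0] <= t <= TEMP_RANGE_C[1]:
        return None, "out-of-range"
    if last and abs(t - last[1]) > MAX_TEMP_STEP_C:
        return None, "implausible-step"    # authentic but physically unlikely
    return r, "ok"

def rating_to_publish(computed_dlr_a, reading_ok):
    """Fail safe: static rating on rejected input, capped rating otherwise."""
    if not reading_ok:
        return STATIC_RATING_A
    return min(computed_dlr_a, STATIC_RATING_A * MAX_DLR_FACTOR)

def make_msg(key, seq, temp_c, ts):
    """Build a constructed sample message (field names are hypothetical)."""
    p = json.dumps({"sensor": "S1", "seq": seq, "ts": ts,
                    "conductor_temp_c": temp_c}).encode()
    return p, sign(key, p)

if __name__ == "__main__":
    key, now = b"constructed-demo-key", 1_700_000_000
    p, tag = make_msg(key, 1, 55.0, now)
    print(accept_reading(key, p, tag, now)[1])                            # genuine
    print(accept_reading(key, p.replace(b"55.0", b"20.0"), tag, now)[1])  # tampered
    print(accept_reading(key, p, tag, now, last=(1, 55.0))[1])            # replayed
```

Each rejection reason is worth logging per sensor: a run of `bad-mac` or `implausible-step` results from one device is a monitoring signal in its own right.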

Cybersecurity standards

While cybersecurity is an important consideration, it should not impede the adoption of GETs like DLR. Hundreds of network sensors have already been installed in Europe and the USA. For example, in Belgium, DLR implementation has prompted the development of a dense array of more than 150 sensors, allowing for continuous monitoring of clearance below the lines. Each of these devices must be capable of transmitting information to the rating calculation engine to conduct a detailed analysis.

In North America, DLR implementations must comply with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) standards. These rules establish reliability requirements for planning and operating the North American bulk power system and define the functions that need to be performed to ensure the Bulk Electric System operates reliably. They include a cybersecurity framework for system assets like transmission lines, including those equipped with GETs smart grid technology, which may influence critical transmission lines. The CIP standards mandate security controls, including electronic security perimeters, system access management, security patch management, and incident reporting protocols. NERC-CIP-002, for example, requires operators to identify and categorise cybersystems assets within the bulk energy system based on their potential impact. Under these guidelines, many DLR installations qualify as medium or high-impact systems.

Transmission System Operators (TSOs) and utilities must ensure their servers and endpoints meet all the CIP requirements for configuration change management, information protection, and supply chain risk management. This compliance ruling also includes maintaining system documentation, conducting vulnerability assessments, and implementing access control mechanisms. Similarly, any third-party vendors must demonstrate their products can operate within these secure environments and support additional security features like role-based access control and audit logging.

Furthermore, where NERC-CIP rules do not apply, DLR systems may align with the ISO-27001 Information Security Management System (ISMS) framework. A set of policies, processes, and practices that help organisations manage risks related to sensitive data, ISO-27001 provides a systematic approach to managing grid information. It addresses risk assessment, asset management, operational security, and incident management for DLR systems.

Similar rules govern cybersecurity for the electricity system network in Europe. The Network Code on Cybersecurity (NCCS) sets a European standard and includes rules on cyber risk assessment, common minimum requirements, cybersecurity certification of products and services, monitoring, reporting, and crisis management.

Installing DLR systems can take less than a year and does not require downtime. At the same time, it offers multiple operational advantages including improved service and reliability, reduced grid congestion and lower costs, and deferred capital expenditures. It is therefore an approach that represents a critical advancement for transmission and distribution systems and is being more widely mandated in regions such as the USA. However, while the benefits are abundant, so are the threats. Getting smarter about grid management means getting smart with cybersecurity.
