The Industrial Internet of Things, or IIoT, refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and industrial sectors. In the energy sector, distributed energy resources (DERs), such as solar photovoltaic panels and wind turbines, introduce information exchanges between a utility’s distribution control system and the DERs to manage the flow of energy in the distribution grid. These information exchanges often employ IIoT technologies that may lack communications security. Additionally, the operating characteristics of DERs are dynamic and significantly different from those of traditional power generation capabilities. Timely management of DER capabilities often requires a higher degree of automation. Introduction of additional automation into DER management and control systems can also introduce cybersecurity risks. Managing the automation, the increased need for information exchanges, and the cybersecurity associated with these presents significant challenges.
The National Cybersecurity Center of Excellence (NCCoE) is proposing a project that will focus on helping energy companies secure IIoT information exchanges of DERs in their operating environments. As an increasing number of DERs are connected to the grid there is a need to examine the potential cybersecurity concerns that may arise from these interconnections.
Our goal in this project is to document an approach for improving the overall security of IIoT in a DER environment that will address the following areas of interest:
- The information exchanges between and among DER systems and distribution facilities/entities, and the cybersecurity considerations involved in these interactions.
- The processes and cybersecurity technologies needed for trusted device identification and communication with other devices.
- The ability to provide malware prevention, detection, and mitigation in operating environments where information exchanges are occurring.
- The mechanisms that can be used for ensuring the integrity of command and operational data and the components that produce and receive this data.
- Data-driven cybersecurity analytics to help owners and operators securely perform necessary tasks.