skip to main content
DOE PAGES title logo U.S. Department of Energy
Office of Scientific and Technical Information

This content will become publicly available on March 23, 2020

Title: Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources

Abstract

Distributed energy resources (DERs) promise to deliver benefits for both utilities and consumers by dynamically interoperating utility systems with customer-owned grid-edge technologies. These small energy-consuming devices are increasingly being aggregated for participation in grid markets, planning and operations. A cyber attack penetrating the control system of aggregated DERs could negatively impact the operation of the grid. In the worst case, the power grid could be severely damaged and physical safety compromised. In this paper we analyze cybersecurity risks associated with the aggregation of DERs and develop an approach to mitigating that risk. The approaches to both cyber risk analysis and mitigation were developed during a recent research project that serves as an example of how the approaches could be applied. However, both the risk analysis and mitigation are applicable to the broader domain of all DERs. An important conclusion is that the successful cyber compromise of aggregated DERs could have a significant impact on the bulk power system. This is the case even if each individual DER falls below the threshold of compliance with bulk-grid cybersecurity standards. For this reason, we specifically investigate how National Electricity Reliability Corporation's Critical Infrastructure Protection requirements could flow down to interactions between DER aggregatorsmore » and the DERs themselves in order to protect the grid from these bulk-scale cyber attack impacts.« less

Authors:
ORCiD logo [1];  [1];  [2];  [3]
  1. National Renewable Energy Lab. (NREL), Golden, CO (United States)
  2. Duo Security, Ann Arbor, MI (United States)
  3. ETAS/ESCRYPT Embedded Security, Ann Arbor, MI (United States)
Publication Date:
Research Org.:
National Renewable Energy Lab. (NREL), Golden, CO (United States)
Sponsoring Org.:
USDOE Office of Energy Efficiency and Renewable Energy (EERE), Building Technologies Office (EE-5B)
OSTI Identifier:
1505076
Report Number(s):
NREL/JA-5500-73026
Journal ID: ISSN 1040-6190
Grant/Contract Number:  
AC36-08GO28308
Resource Type:
Accepted Manuscript
Journal Name:
Electricity Journal
Additional Journal Information:
Journal Volume: 32; Journal Issue: 2; Journal ID: ISSN 1040-6190
Publisher:
Elsevier
Country of Publication:
United States
Language:
English
Subject:
24 POWER TRANSMISSION AND DISTRIBUTION; security; power system security; smart grids; home automation; smart homes; internet of things; aggregated energy assets

Citation Formats

Christensen, Dane, Martin, Maurice, Gantumur, Erdenebat, and Mendrick, Brandon. Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources. United States: N. p., 2019. Web. doi:10.1016/j.tej.2019.01.018.
Christensen, Dane, Martin, Maurice, Gantumur, Erdenebat, & Mendrick, Brandon. Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources. United States. doi:10.1016/j.tej.2019.01.018.
Christensen, Dane, Martin, Maurice, Gantumur, Erdenebat, and Mendrick, Brandon. Sat . "Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources". United States. doi:10.1016/j.tej.2019.01.018.
@article{osti_1505076,
title = {Risk Assessment at the Edge: Applying NERC CIP to Aggregated Grid-Edge Resources},
author = {Christensen, Dane and Martin, Maurice and Gantumur, Erdenebat and Mendrick, Brandon},
abstractNote = {Distributed energy resources (DERs) promise to deliver benefits for both utilities and consumers by dynamically interoperating utility systems with customer-owned grid-edge technologies. These small energy-consuming devices are increasingly being aggregated for participation in grid markets, planning and operations. A cyber attack penetrating the control system of aggregated DERs could negatively impact the operation of the grid. In the worst case, the power grid could be severely damaged and physical safety compromised. In this paper we analyze cybersecurity risks associated with the aggregation of DERs and develop an approach to mitigating that risk. The approaches to both cyber risk analysis and mitigation were developed during a recent research project that serves as an example of how the approaches could be applied. However, both the risk analysis and mitigation are applicable to the broader domain of all DERs. An important conclusion is that the successful cyber compromise of aggregated DERs could have a significant impact on the bulk power system. This is the case even if each individual DER falls below the threshold of compliance with bulk-grid cybersecurity standards. For this reason, we specifically investigate how National Electricity Reliability Corporation's Critical Infrastructure Protection requirements could flow down to interactions between DER aggregators and the DERs themselves in order to protect the grid from these bulk-scale cyber attack impacts.},
doi = {10.1016/j.tej.2019.01.018},
journal = {Electricity Journal},
number = 2,
volume = 32,
place = {United States},
year = {2019},
month = {3}
}

Journal Article:
Free Publicly Available Full Text
This content will become publicly available on March 23, 2020
Publisher's Version of Record

Save / Share: