Cybersecurity is essential for interoperable power systems and transportation infrastructure in the US. As the US transitions to transportation electrification, cyber attacks on vehicle charging could impact nearly all US critical infrastructure. This is a growing area of concern as more charging stations communicate to a range of entities (grid operators, vehicles, OEM vendors, etc.), as shown in Figure I.1.1.1. The research challenges are extensive and complicated because there are many end users, stakeholders, and software and equipment vendors. Poorly implemented electric vehicle supply equipment (EVSE) cybersecurity is a major risk to electric vehicle (EV) adoption because the political, social, and financial impact of cyberattacks—or public perception of such—ripples across the industry and has lasting and devastating effects. Unfortunately, there is no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. For this reason, there is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured interfaces. Thus, comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project is providing the automotive industry with a strong technical basis for securing this infrastructure by developing threat models, prioritizing technology gaps, and developing effective countermeasures. Specifically, the team is creating a cybersecurity threat model and performing a technical risk assessment of EVSE assets, so that automotive, charging, and utility stakeholders can better protect customers, vehicles, and power systems in the face of new cyber threats.
Grid operators are increasingly turning to advanced grid-support functions in distributed energy resources (DER) to assist with distribution circuit voltage regulation, bulk system frequency control, and power system protection. The U.S. DER certification standard, Underwriters Laboratories (UL) 1741, was revised in September 2016 to add test procedures for multiple grid-support functions. Sandia National Laboratories, SunSpec Alliance, and growing community of collaborators have undertaken a multiyear effort to create an open-source system validation platform (SVP) that automates DER interconnection and interoperability test procedures by communicating with grid simulators, photovoltaic (PV) simulators, data acquisition systems, and interoperable equipment under test. However, the power hardware required for generating the test conditions may be untenable for many organizations. Herein, we discuss development of the SVP testing capabilities for UL 1741 tests utilizing a controller hardware-in-The-loop testbed that precludes the need for power hardware using a 34.5 kW Austrian Institute of Technology smart grid controller. Analysis of normal ramp rate, soft start ramp rate, specified power factor, volt-VAr, and frequency-watt advanced grid functions, and the effectiveness of the UL 1741 test protocols are included.
Cyber-secure, resilient energy is paramount to the prosperity of the United States. As the experience and sophistication of cyber adversaries grow, so too must the US power system’s defenses, situational awareness, and response and recovery strategies. Traditionally, power systems were operated with dedicated communication channels to large generators and utility-owned assets but now there is greater reliance on photovoltaic (PV) systems to provide power generation. PV systems often communicate to utilities, aggregators, and other grid operators over the public internet so the power system attack surface has significantly expanded. At the same time, solar energy systems are equipped with a range of grid-support functions, that—if controlled or programmed improperly—present a risk of power system disturbances. This document is a five-year roadmap intended to chart a path for improving cyber security for communication-enabled PV systems with clear roles and responsibilities for government, standards development organizations, PV vendors, and grid operators.
This report provides an introduction to cyber security for distributed energy resources (DER) - such as photovoltaic (PV) inverters and energy storage systems (ESS). This material is motivated by the need to assist DER vendors, aggregators, grid operators, and broader PV industry with cyber security resilience and describe the state-of-the-art for securing DER communications. The report outlines basic principles of cyber security, encryption, communication protocols, DER cyber security recommendations and requirements, and device-, aggregator-, and utility-level security best practices to ensure data confidentiality, integrity, and availability. Example cyber security attacks, including eavesdropping, masquerading, man-in-the-middle, replay attacks, and denial-of-service are also described. A survey of communication protocols and cyber security recommendations used by the DER and power system industry are included to elucidate the cyber security standards landscape. Lastly, a roadmap is presented to harden end-to-end communications for DER with research and industry engagement.