Cybersecurity is essential for interoperable power systems and transportation infrastructure in the US. As the US transitions to transportation electrification, cyber attacks on vehicle charging could impact nearly all US critical infrastructure. This is a growing area of concern as more charging stations communicate to a range of entities (grid operators, vehicles, OEM vendors, etc.), as shown in Figure I.1.1.1. The research challenges are extensive and complicated because there are many end users, stakeholders, and software and equipment vendors. Poorly implemented electric vehicle supply equipment (EVSE) cybersecurity is a major risk to electric vehicle (EV) adoption because the political, social, and financial impact of cyberattacks—or public perception of such—ripples across the industry and has lasting and devastating effects. Unfortunately, there is no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. For this reason, there is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured interfaces. Thus, comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project is providing the automotive industry with a strong technical basis for securing this infrastructure by developing threat models, prioritizing technology gaps, and developing effective countermeasures. Specifically, the team is creating a cybersecurity threat model and performing a technical risk assessment of EVSE assets, so that automotive, charging, and utility stakeholders can better protect customers, vehicles, and power systems in the face of new cyber threats.
Proceedings - 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 12th IEEE International Conference on Big Data Science and Engineering, Trustcom/BigDataSE 2018
To ensure reliable and predictable service in the electrical grid it is important to gauge the level of trust present within critical components and substations. Although trust throughout a smart grid is temporal and dynamically varies according to measured states, it is possible to accurately formulate communications and service level strategies based on such trust measurements. Utilizing an effective set of machine learning and statistical methods, it is shown that establishment of trust levels between substations using behavioral pattern analysis is possible. It is also shown that the establishment of such trust can facilitate simple secure communications routing between substations.
Grid operators are increasingly turning to advanced grid-support functions in distributed energy resources (DER) to assist with distribution circuit voltage regulation, bulk system frequency control, and power system protection. The U.S. DER certification standard, Underwriters Laboratories (UL) 1741, was revised in September 2016 to add test procedures for multiple grid-support functions. Sandia National Laboratories, SunSpec Alliance, and growing community of collaborators have undertaken a multiyear effort to create an open-source system validation platform (SVP) that automates DER interconnection and interoperability test procedures by communicating with grid simulators, photovoltaic (PV) simulators, data acquisition systems, and interoperable equipment under test. However, the power hardware required for generating the test conditions may be untenable for many organizations. Herein, we discuss development of the SVP testing capabilities for UL 1741 tests utilizing a controller hardware-in-The-loop testbed that precludes the need for power hardware using a 34.5 kW Austrian Institute of Technology smart grid controller. Analysis of normal ramp rate, soft start ramp rate, specified power factor, volt-VAr, and frequency-watt advanced grid functions, and the effectiveness of the UL 1741 test protocols are included.
Cyber-secure, resilient energy is paramount to the prosperity of the United States. As the experience and sophistication of cyber adversaries grow, so too must the US power system’s defenses, situational awareness, and response and recovery strategies. Traditionally, power systems were operated with dedicated communication channels to large generators and utility-owned assets but now there is greater reliance on photovoltaic (PV) systems to provide power generation. PV systems often communicate to utilities, aggregators, and other grid operators over the public internet so the power system attack surface has significantly expanded. At the same time, solar energy systems are equipped with a range of grid-support functions, that—if controlled or programmed improperly—present a risk of power system disturbances. This document is a five-year roadmap intended to chart a path for improving cyber security for communication-enabled PV systems with clear roles and responsibilities for government, standards development organizations, PV vendors, and grid operators.