S4x23 Review Part 2: Evolving Energy Cybersecurity

While public-private partnerships may have been successful for large businesses, small businesses with limited financial and human assets still face challenges.

The 100-day plan has certainly advanced cybersecurity in the energy sector by focusing on ICS security and grid security and facilitating coordination between public and private entities and agencies. However, challenges have been raised in the areas of information sharing among small utilities, solutions tailored for them, and sustainable initiatives.

Innovative threat intelligence and products designed for large utilities are too expensive for small utilities. However, the power grid is interconnected between large and small, so the ownership lays intersections. There was a need to develop sustainable and right-sized solutions for small to secure distribution grid.

The NRECA has developed the solution from three perspectives. The first was to define the requirements for sustainability, if it did not necessarily have to be advanced, but rather a community-oriented, affordable, and interoperable solution.

The second requirement was to support small utilities decision-making. It should incentivize them and support their change. The third requirement was to provide a workforce solution. IT staff is only two or fewer in 65% of the distribution cooperatives, requiring a hybrid operation of human and automation.

She said the NRECA launched Threat Analysis Center (TAC) as a solution.

TAC is a tool and community that enables co-ops to focus on the cyber threats that matter, respond quickly with the necessary expertise, and engage with the wider threat intelligence community without sacrificing privacy.

Electric cooperatives that join TAC commit to equipping their operating systems with a continuous monitoring platform that can quickly determine if anomalies occur in the system. TAC pushes “rules” or short software programs for co-ops to test their systems for new and old hacking methods.

The NRECA informs utilities of urgent and critical threat information from federal authorities and supports co-ops in testing for threats. It can also understand how much the threat has actually spread by applying information from the cooperatives.

The more co-ops that participate, the more eyes there are monitoring the power grid, minimizing overall damage.

The Road to Solar Energy Cybersecurity
Marissa Morales-Rodriguez, Contractor for DOE/SETO, Technology Manager

Solar power generation is expected to reach 40% of the total electricity supply in the United States by 2035 and 45% by 2050. The Solar Energy Technologies Office (SETO) is working to achieve high levels of cybersecurity maturity in solar power generation facilities and supply chains, including Distributed Energy Resources (DER), using a diverse range of stakeholders and numerous technologies.

Read More HERE