Smart Grid Security Will Get Boost from AI and 5G
Key takeaways from this article:
- Smart grid technologies such as microgrids, generators and solar panels may help curb climate change and help consumers take greater control of their energy consumption.
- Smart grid technologies create a two-way flow of data that invites new cybersecurity challenges.
- Artificial intelligence, 5G and other technologies are poised to aid with these challenges, but the energy industry must continue to invest to get ahead of cyberattacks.
For the energy industry, securing the grid is mission-critical.
Increasingly, too, securing devices that lie beyond the centralized grid — at the edge, so to speak — is also critical as well as a moving target. Zero-trust cybersecurity, 5G connectivity and machine learning, though, may ultimately help this “smart grid,” as this connected energy grid is known, become more resilient in the face of attacks.
While the shift toward sustainable energy could help secure a better future for the planet and reduce carbon footprint, the smart grid — fueled by connected things, microgrids and so on — creates two-way, risky data flows that add complexity to an already antiquated energy grid.
Smart grid technologies can balance peak demand, flatten the load curve and make energy generation sources more efficient, said Brian Crow, Sensus’ vice president of analytic solutions, in a recent article on the role of IoT in utilities.
Malicious attackers can exploit these two-way flows.
These devices at the edge have the “potential to impact grid reliability,” said Christine Hertzog, principal technical leader at Electric Power Research Institute. Malicious actors can target the grid and have the ability to “change the load in dramatic ways,” she said, “and you could then see some issues with grid reliability.”
Distributed Energy, Smart Grids Accelerate
New energy sources and distribution methods including solar panels, generators and microgrids show promise in curbing climate change and helping consumers take greater control of energy consumption during peak usage times.
Smart grid technologies decentralize energy delivery, enabling people to quickly connect to and disconnect from the larger grid and generate and deliver electricity locally. Unlike today’s massive, centralized grid, an attack or disruption of a microgrid, for example, doesn’t affect the entire system. That’s important for areas like California where wildfires can prompt spontaneous grid shutdowns.
But smart grids also create erratic demand on the larger grid and present two-way traffic to that grid, posing security risks. And these risks are amplified by aging energy grid infrastructure.
Decentralized energy production – components of which are used in smart grids – is growing. The International Energy Agency expects that renewable energy capacity will increase by 50% through 2024, with solar photovoltaics and onshore wind making up the lion’s share of that increase.
“The whole world is moving more toward that paradigm of relying on on-site power — whether it’s solar, a backup generator or another device,” said Peter Asmus, principal research analyst of Navigant Research.
“The world is shifting from large centralized resources to look more like telecom,” Asmus said. He noted that while some deployments have slowed down because of coronavirus, he anticipates a greater acceleration of decentralized energy sources over the next couple of years.
Grid Edge Brings Complexity to Already Antiquated Energy Grid
The traditional energy grid itself lags these modern developments. According to the U.S. Energy Department, 70% of the grid’s transmission lines and power transformers are more than 25 years old, and the average age of power plants is more than 30 years old. Parts of the U.S. grid network are more than a century old.
Technologies such as the Internet of Things (IoT) devices, edge computing architecture and machine learning will modernize the grid. Examples include IoT-enabled backup generators that provide additional power to a home, electric vehicle charging stations or connected thermostats. These kinds of technologies are rapidly becoming extensions of the traditional grid.
According to the “Internet of Things in Energy Market” report, the global market for IoT in energy is expected to grow from $20.2 billion in 2020 to $35.2 billion by 2025, with a compound annual growth rate of 11.8% during the forecast period.
Just as connected devices are part of this equation, edge architecture is as well.
Edge computing architecture brings compute and data closer to the devices and users that need them to improve response times and reduce bandwidth needs. Myriad devices have emerged and reside at the edge rather than in the cloud, which requires a round trip from device to the cloud and back, increasing bandwidth requirements, reducing response time and potentially posing securing risks.
“This is what we would call ‘grid edge,’ and it’s a paradigm shift,” Hertzog said. “We used to consider cybersecurity like the fort concept: You have a perimeter. But when you’re talking about the edge of the grid and cloud-based apps, you’re blowing up that concept,” she said.
Grid edge architecture adds risk and complexity to the grid. Edge devices may not have been patched and updated frequently, may have less vigorous authentication protocols applied, may share a network with other key IT systems and become a target for infiltration, or they may house poorly written code that is easy to penetrate and thus a target for malicious attackers.
These kinds of security risks have been amplified as utilities turn to IoT for better grid management and as consumers take advantage of devices at the edge, such as connected energy meters and home-charging stations for electric cars. As a result, security breaches can now be bidirectional, enabling grids to be penetrated not only via their own networks but also via consumer devices connected to the grid.
To combat security issues, businesses are implementing private networks for IoT. In a recent Omdia survey on IoT adoption, 97% of respondents said that they had considered or are using private networks for IoT deployments to bolster security.
AI, Zero-Trust Cybersecurity
A potential antidote to these risks is the emergence of machine learning and AI-enabled tools to aid IT pros. Machine learning tools can identify threats among the vast number of alerts that IT pros may receive. AI-enabled cybersecurity tools are becoming key to edge security, because humans simply can’t keep up with all the information.
“On a massive scale, that data starts to go beyond what the human brain capacity is able to do,” Hertzog said. “We’re getting so much additional information through new tools and capability, but the ability to assimilate and make sense of that is going to be a big challenge.”
Companies such as National Grid Partners have enlisted AI for cybersecurity monitoring and anticipate using automation for other tasks, such as predictive maintenance and customer service.
Hertzog said that AI is critical for validating identity at the edge, which requires a zero-trust cybersecurity strategy. The underlying principle of zero trust is to never trust and always verify.
Hertzog noted that this approach to cybersecurity requires intelligence at the edge to achieve that identity authentication. “We need distributed intelligence to deliver that zero trust down to the granular level,” she said. “AI would be involved in looking at all the activity and seeing if there were any anomalies.”
“We can take this data and inform our decision-making,” Hertzog said. She emphasized that true AI for this use case may be in the distance, but automated monitoring is already in place.
Hertzog also noted, however, that automation in decision-making can only take place if the data derived is accurate, clean and ready to use.
“Garbage in, garbage out,” Hertzog said. Hertzog noted that poor data quality is compelling reasons for utilities to put the work into data management for cybersecurity. “Studies indicate that about 80% of the time spent on a project involving AI is getting that data into the right format — just getting it ready to be used for AI.”
AI will also require greater speed and network slicing — which allows networks to be partitioned to provide different levels of access to the grid to enable granular security policy setting. Such fine-grained policies are needed to protect these distributed networks.
Hertzog and others have noted that corollary technologies such as 5G connectivity, the new wireless standard, could bolster zero-trust security by providing the network bandwidth to enable the speed and data intensiveness needed for intelligent activity at the edge.
“5G is a game changer,” Hertzog said. “It will enable this concept of slicing networks and the ability to define security policies more granularly. That has some ramifications for zero trust.”
At the same time, Hertzog said, while 5G will bolster smart grid security, the infrastructure required isn’t coming tomorrow. “It will take a decade to roll out,” she said.