The risk of a cyber-attack that will take down the power system is seriously underestimated, writes financial energy specialist Gerard Reid. To prevent future disaster, we need to build a completely new power system. Reliability is no longer about the “average minutes of downtime per year”. Courtesy Energy and Carbon blog.
There is a lot of talk of cyber-security in the media and nearly all of us have had experience with computer viruses or have been in some way affected by a cyber-attack, but for most of us they have not been that serious. A cyber-attack on the power system, on the other hand, would be very serious, as our modern digital lives cannot exist without electricity.
Nearly all of us are totally unprepared for such an eventuality, but we need to be as the risks are very real. Having recently seen a live presentation where an engineer broke into a commercial solar system in Germany and showed how he was able to control that system, I believe the risks are grossly understated. I also don’t believe that utility executives let alone governmental and regulatory authorities realize the risks that we are facing, and the crazy thing is that I don’t believe they will confront these risks until we have a blackout.
Centrally managed
Most of us take electricity for granted and thus do not realize how ingrained it is into the very fabric of our lives and how dependent our society is on it. Politicians do understand how important electricity is, with one of their biggest concerns being the “risk of a blackout”, which won’t endear them to the voting public.
However, they have been fooled into believing that the best measure of the reliability and resilience of the power system are measures such as the “average numbers of minutes that customers had no power last year”. There are even international comparisons available which allow countries like Germany and Denmark to say that they have one of the most reliable power systems in the world. However, this data tells us nothing about how susceptible a power system is to being brought down by a cyber-attack.
Today, our power systems are controlled as they have been for 100 years by grid operators with their centrally managed control rooms. These grid operators have, in recent years, invested massive amounts of capital into technology platforms for ensuring that we all receive reliable and high-quality power 24/7. But if you do manage to hack into that system then you have complete control of the power system. However, you may not even need to do that to cause a significant shock to the system.
If you can easily hack into one solar system, then you can hack into more than one, and if you do that simultaneously then it is possible to shut off a massive amount of power to the system. And if you do that you will cause a blackout, and in the case of Europe, which has one interconnected grid, the shocks will be felt across the whole continent. These risks are only going to rise as we increasingly connect lots of internet-controlled (IoT) devices like solar PV, heat pumps as well as electric cars to our grid. This leads to the question: how best to deal with these risks?
Anti-fragile
The first thing is to realize that we have built a fragile system which could break under stress. The second point is to build a power system that is more durable and flexible in its response to cyber and/or physical attacks or, as the author Nicholas Taleb calls it, an anti-fragile system. “Antifragility,” he says, “is beyond resilience or robustness. The resilient resists shocks and stays the same; the antifragile gets better.”
His approach, which may at first seem counter-intuitive, is to move away from a centralized system to a decentralised system with lots of “fragile” parts in it, which can watch and learn from each other as each unit improvises in response to unexpected events. This means we need to connect more, not fewer, intelligent devices to the power system, such as EVs with their large batteries in them, which in turn can provide local buffering and improve energy security.
But for this to happen we need to reset the traditional relationship between energy providers, energy users and grid operators to allow greater participation in the world of electricity as well as the decentralization of control. This requires a radical regulatory rethink which is especially difficult given commercial interests of incumbent players.
In the meantime, the public need to be prepared for life during a blackout. This is exactly what the government in Sweden has done; they sent out a leaflet to all Swedish households earlier this year giving relevant tips and advice about how to act during a crisis with instructions on such things as how much water and food should be stored. You may say this is too hysterical a response but at least the Swedish government have understood that it’s better to advise the public than to close their eyes to the risks of having no electricity.
Editor’s Note
Gerard Reid is founding partner of Alexa Capital in London, a leading corporate finance business focused on energy and mobility. He has over two decades of experience in equity research and fund management in the energy area.
This article was first published on Energy and Carbon, a blog hosted by Reid and energy journalist and advisor Gerard Wynn. It is republished here with permission.
Mike Parr says
I’m not sure I agree with the title, that said, good article – good points. But.
“they have been fooled into believing that the best measure of the reliability and resilience of the power system are measures such as the ‘average numbers of minutes that customers had no power last year’”
It’s not a bad measure – it just depends on how the reliability is implemented. One also needs to discriminate (a word with its own particular meaning in power networks), between transmission and distribution networks. Transmission networks have always been centrally managed (sometimes by regions) by contrast, distribution networks have been managed more on a localised basis. What follows focuses on distribution networks, since the writer did not… erm “discriminate”… between the two.
Until it was taken over by Scottish Power, the UK DNO MANWEB (Merseyside) did quite well without a distribution management system (DMS) which for most DNOs, forms the basis of their control system. They need a DMS because most distribution networks are operated as open rings and when there is a fault, the ring is re-configured rapidly and automatically by the DMS (usually at 6.6kV or 11kV) to reduce the number of customers off supply. Of course this needs a significant comms network.
MANWEB, for its urban and suburban network never needed a DMS because the network is fully meshed (from LV through to 33kV) and uses unit protection (which needs pilot cables running with each MV and HV cable). In the event of a fault, the local protection automatically (and instantaneously) isolates the affected section of cable. Data comms (devices with some amount of computing ability) as commonly understood does not exist in such a system.
There is almost never a loss of supply to customers. Just for the record, the MANWEB urban/suburban network is better, in reliability terms than Japanese networks – which claim to be the best in the world.
Why the different approaches? The open ring system builds a network down to a price, meshed/unit protection is built up to a level of performance. This worked Ok for the open ring guys in the time frame 1950 through to 1990. The problem is that the open ring approach, as the metrics for network performance increase, implies a semi-infinite increase in costs both in terms of performance of the comms network, the computer systems (upgrade the DMS!!) and security (due to all that comms). By contrast, meshed and unit protection is a one time cost. Pay now & sit back and enjoy, don’t pay now – pay later – forever.
Furthermore, the MANWEB approach is not only more secure but is also renewable friendly – it is agnostic to the “direction” in which power flows (a short reflection on how unit protection functions will show that it is impervious to directional flows of energy).
As for hackers – there is no “network” to hack. I guess you could dig up the pilot cables and short them – but you would need to first find the pilot cables (helpful hint – they sit underneath the 11kV cables – do be careful) that is a very large number of holes & I rather think people would notice.
Continuing downwards, security has not been helped by the move towards MPLS (popular on some telecoms networks) which offers “virtual pathways” thus opening networks & traffic up to attack. MPLS etc replaced hardwired networks used both for protection and control on many power networks. In the PV case, properly secured VPNs, perhaps IPv6-based would have been the solution – but hey! that costs money. I can think of quite a few players in the distributed generation space that do not like spending money on “support functions”. As for IoT – amusing! an accident waiting to happen.
Current DNO networks are locked into infinite expanding expenditure, protecting “unfit for purpose” open-ring topologies that were adequate for the 20th century but unfit for the 21st. A favourite phrase amongst policy makers is “no regrets investments”. Given this, one wonders if most DNOs have the courage to admit that indeed, most of their (open ring – “go with the flow”) investments were at best unwise at worst foolish. Or perhaps in this case, ignorance is bliss and gee! – that’s what the equipment suppliers told us/sold us.