Resilience to cyber attack and the Faraday Grid solution
All actors in the electricity industry are responsible for security of supply. That is to say electricity provision to the end-users, within agreed levels of continuity and quality. For years, each part of the energy supply chain - from resource extraction to generation, transmission, distribution, markets, and increasingly end use - has relied on using digital systems. The digital connectivity of electricity grids and digital trading platforms for electricity are experiencing considerable innovation. This text considers grid resilience and risks to energy and cyber security in our society.
What does energy security mean?
Energy security means access to energy resources when and where we need it: whether oil, gas, or power. In recent times, policy and research have come to consider the definition of energy security and expanded it considerably to include questions of reliability, power failures, industrial competitiveness, and affordable energy prices. Energy is literally connected to all aspects of life, which explains the appeal of the broad concept. Nevertheless, if energy security can mean almost anything, the concept risks becoming problematic and worn out. This expansion could defeat the purpose: to better understand the vulnerability of different energy systems and their resilience.
What does "grid resilience” really mean?
Vulnerability and resilience are the flipsides of the same coin. Vulnerability refers to a trait of an electricity grid that exposes it to disruptions. They can be internal (such as technical failure) or external (such as weather events). Resilience is the ability of the grid to tolerate and recover from such disruptive events.
Electricity grid and infrastructure resilience is specifically reliability of grid components, their ability to resist hazards, redundancy through backup installations, and fast response and recovery from disruptive events. On a human level, local skills, experience, and knowledge enhance energy system resilience, for example, among professionals who provide critical services by operating energy systems all the time.
With the every increasing trend to convergence of Internet of Things, smart cities, smart homes, smart devices, electric vehicles, automated electric vehicles and electricity grids it is very clear that a reconsideration of what defines grid resilience, as well as, the degree and nature of its vulnerabilities is long overdue.
Why are current grids vulnerable to attack?
The dependence of electricity grids on functioning Information Communication Technologies (ICTs) has been discussed for more than a decade. A report by Beckford Consulting recognizes a number of ICTs at the core of electricity grids: from logic control units in power stations to power management systems and communications infrastructures used across and outside the electricity industry.
Information technologies have multiple relationships to grid resilience. The world has now seen how information systems can sustain open and decentralised networks for example the Internet. They embody one form of resilience. Generally, the interconnection of different systems increases efficiency, creates redundancies that decrease some categories of risk, but they can also lead the to potential for unforeseen systemic risks.
Vulnerable PC software exposes electricity grids to cyber threats. Actual attacks against utility information technology happened in Ukraine in 2015-16 leading to power blackouts, and in Ireland in 2017. Another Dragonfly intelligence-gathering attack on the energy sector exploited information technology weaknesses, using malicious emails, web site compromise attacks, and by compromising legitimate software according to American software provider Symantec.
Why is a Smart Grid vulnerable
A recent blog by Newcastle University argues that we lack evidence of situations where Smart Grid - electricity grid that uses ICTs, in the widest possible meaning - has been compromised energy system operation. Nevertheless, Smart Grid makes ICTs even more crucial to the management of electricity grids than explained above. This includes new information technology whose vulnerabilities are not yet well-understood.
Recently, European energy industry associations, the European Commission, and the US Department of Commerce have warned about the exposure of Smart Grid to cyber threats and called for managing this interdependence risk. The size and the shape of the smart energy infrastructure could become so opaque, that, like the Internet, its resilience and security incidents are very difficult to understand.
What other proposed solutions make the grid potentially more vulnerable to attack?
Generally, making energy grids ‘smarter’ opens them up to a growing number of providers and organisations, each with different cybersecurity objectives and issues. This includes, but is not limited to, new energy management services, smart device manufacturers, electric vehicles, and their charging stations. Each addition can be seen as a potential vulnerability.
The Faraday Grid solution (constructed of distributed autonomous points)
The earlier lessons suggest that grid resilience and distributed risk management are closely related. Electricity grids withstand disruptions partially by allowing autonomous points - whether transformers or human responders - to “bounce back” from disruptions in relative independence of the bigger energy system. Adding a layer of hackable information technology introduces considerable but unknowable potential risks. Positively they can also serve redundancy and backup installations - aspects of resilience and efficient risk management as centralised electricity grids have shown. But here the price is increasing interdependence risks. That backup installation function in the system has interactions which are increasingly opaque, the more interdependent they become.
Why is a Faraday Grid resilient to attack?
The Faraday Grid is resilient by design. In the same way the internet continues to operate in the absence of individual routers, a Faraday Grid will continue to function if individual Faraday Exchangers are attacked, or fail due to a weather event, for example.
This is because the control layer of an Exchanger is embedded in the hardware itself, rather than as a network layer of fibre optics over the entirety of the grid. Each Exchanger is autonomous and responds to the activity in its immediate location. It is not dependant on the response from a neighbouring Exchanger to perform its function.
A decentralised electricity system requires a transition to a more resilient and smart network. Smart grids present an opportunity for more efficient and connected communities, but they can also expose our most critical infrastructure to attack. The Faraday Grid is the only technology able to resolve this tension by reinventing electricity networks at their most fundamental level.