UL and the US National Renewable Energy Laboratory have released a report on cybersecurity certification recommendations and are actively developing new requirements to create cybersecurity certification standards.
From pv magazine USA
UL, a global safety science leader, has published a new report in cooperation with the US Department of Energy’s National Renewable Energy Laboratory (NREL).
The “Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter Based Resources” report notes that cybersecurity threats have become common. For example, just two weeks ago, thousands of internet users in Europe lost access to services when a satellite operator experienced a “cyber event.”
The same attack also knocked nearly 6,000 wind turbines offline in Germany and Central Europe, with a combined output of 11GW. The growth in grid-edge distributed energy resources (DER) offers a potential new target for cyberattacks, which is why certification testing procedure are needed to identify gaps in DER cybersecurity functionality, as well as mandates for secure features at the device, network, and system level.
Distributed energy resources include any grid-connected energy storage and generation technologies and their associated flexible loads, such as solar, battery storage, wind turbines, and fuel cells, among other resources essential to grid operations. The cyber-threat increases when the resources have communication capabilities.
The certification testing procedure can potentially be used in a US industry standard to help manufacturers develop effective approaches to cybersecurity and to help in the development of third-party conformity assessment programs for cybersecurity testing and certification. While standards are not yet in place, this report includes recommendations.
In the meantime, the report acknowledges that “utilities, aggregators, and equipment manufacturers could consider implementing and testing against appropriate elements of existing cybersecurity standards and guidelines as they become available. As a start, they could align their cyber-defenses to (the US National Institute of Standards and Technology) Framework for Improving Critical Infrastructure Cybersecurity.”
Kenneth Boyce, senior director for the principal engineering and industrial group at UL, said that there are currently no cybersecurity certification requirements to which manufacturers and vendors can certify their DER and IBR devices against an established, widely adopted cybersecurity certification program. The development of these new cybersecurity certification requirements will provide a single unified approach that can be taken as a reference for performing the testing and certification of DERs before being deployed and while in the field, he claimed.
With support from Department of Energy’s Solar Energy Technologies Office, UL will continue working with NREL on developing requirements to support cybersecurity certification standards for DERs and IBRs. NREL and UL are currently working on an Outline of Investigation for a standard that will apply to energy storage and generation technologies on the distribution grid, including inverters, EV chargers, wind turbines, fuel cells, and other resources essential to advancing grid operations.
The new requirements will prioritize cybersecurity enhancements for power systems dealing with high penetration inverter-based resources, including those interfacing with bulk power systems for periods of instantaneous high wind, solar and hybrid/storage generation. It will also help ensure cybersecurity is designed into new IBR and DER systems.
“UL supports the development of a cybersecurity certification program because, not only will robust cybersecurity be introduced to the electric grid, but it will also help to ensure the concept of security by design is being followed for new DER systems,” said Danish Saleem, senior researcher for energy cyber-physical system security at NREL.
The North American Electric Reliability Corporation (NERC)’s Critical Infrastructure Protection (CIP) standards now include cybersecurity requirements with hefty consequences for violations, but having cybersecurity standards and certification will enable corporate security specialists to implement best practices to prevent violations in the first place.
This content is protected by copyright and may not be reused. If you want to cooperate with us and would like to reuse some of our content, please contact: [email protected]
Source: pv magazine