Grid Reliability Starts with Device-level Security

Cyber threats are becoming more sophisticated and are increasingly targeting critical energy infrastructure, as the U.S. Department of Energy (DoE) and the National Association of Regulatory Utility Commissioners (NARUC) noted in February while sharing new guidelines to safeguard grid-scale solar and other distributed energy resources.

Several government and regulatory agencies are urgently working to revise the rules for solar projects in wholesale energy markets, for multiple reasons. Projects encounter more operational risk than ever before. Meanwhile, solar has quickly transitioned from a niche supplier at the regional transmission level to become unquestionably critical energy infrastructure.

Growing cybersecurity risks and new reliability standards require project developers and asset owners to expect more expertise and better solutions from fully integrated systems and core components, including motion control systems for solar tracking.

Going forward, technology providers will need to deliver suitable security for current reliability standards and new standards under development, such as those that will be discussed in this post. Solution providers should also be prepared to address readiness for operating through extreme cold weather conditions and other forthcoming regulatory requirements.

NERC Reliability Standards

In parallel with the DoE and NARUC, the North American Electric Reliability Corporation (NERC)—an authority on grid reliability for nearly 400 million people in the U.S., Canada, and Mexico—has also published a work plan responding to reliability concerns about inverter-based resources. Inverter-based resources, including solar photovoltaic (PV) systems, are facilities connected to the bulk power system that use a power electronic interface between the source of energy and the grid.

The new NERC standards center on four areas of concern: data sharing, data and model validation, planning and operational studies, and performance.

The data sharing requirement specifies actions and types of data to be shared between stakeholder groups including planning coordinators, transmission planners, reliability coordinators, transmission operators, balancing authorities, generator owners, generator operators, transmission owners, and distribution providers.

The model validation requirement aims to bring inverter-based resources in line with synchronous generators. It also accounts for expectations during interconnection with post-disturbance monitoring and during ongoing planning and operational studies that help with identifying performance.

The planning and operational studies requirement will ensure that all studies accurately represent ride-through performance, with future updates as needed.

The performance requirement establishes scenarios when energy facilities should ride through grid disturbances and when they should disconnect from the grid.

Following the publication of the NERC planning document, GridSME, a technical services firm that advises on cybersecurity for distributed energy resources, explained some new concepts for grid owners and operators to be aware of. One important detail is the set of project characteristics that determine when projects have to register NERC compliance.

Projects greater than or equal to 75 megawatt (MW) nameplate rating and interconnected at greater than or equal to 100 kilovolts (kV) should have already completed registration. Projects greater than or equal to 20 MW nameplate rating and interconnected at greater than or equal to 60 kV have until May 2025 to comply. GridSME recommends starting the registration process “as soon as practicable.”

Tightening Security

A recently reported cyberattack on a solar power generating facility in Japan highlights the urgent need for heightened reliability standards. According to CSO, a publication serving enterprise security decision-makers and users, hackers gained access to hundreds of remote monitoring devices, exploiting a security flaw that has since been discovered and patched.

Though the apparent objective was bank account theft, not disruption of the electric grid, industry experts have acknowledged the potential for bad actors to deploy similar tactics to try and seize control of a solar power plant.

In the Summer 2023 edition of United States Cybersecurity Magazine, two experts affiliated with Georgetown University singled out solar tracker control systems and their associated communications systems as critical components that must be properly secured.

“A comprehensive understanding of the supply chain will help mitigate risk,” said the experts, Henry Sienkiewicz, a member of faculty, and Thelonius Walker III, an alumnus. “The identification of suppliers and their components will allow for the risk managers to baseline, assess, monitor, and correlate threats and vulnerabilities within their operational context.”

Kinematics was an early adopter of enterprise-grade security for connected devices in utility-scale solar, because we recognized the need to minimize risk of network interference. This is the kind of insight that comes from nearly three decades of leadership as a provider of motion control solutions for mission-critical systems.

Learn more about the value of network security and reliability and our membership in Wi-SUN Alliance, a global association of manufacturers and services providers for utilities, smart cities, and the Internet of Things (IoT), from our wireless networking white paper.

Cold-weather Performance Testing

Solar power plant owners and operators can expect many more requirements for inverter-based resources operating in wholesale markets. GridSME, in its recent summary of NERC’s new reliability standards, listed 13 additional standards that may apply for projects that need to register NERC compliance in the next year. Included was an emergency operation planning standard for extreme cold weather that will be especially important for solar tracking systems.

Projects can take all necessary steps to secure communication networks from bad actors, but grid reliability would still suffer if those projects cannot ride through freezing conditions. That’s why NERC has developed cold weather performance standards, including a requirement that energy systems and critical components operate continuously for 12 hours or longer at temperatures of 32 degrees Fahrenheit or below and a concurrent wind speed of at least 20 miles per hour.

Technology providers should be transparent with project partners about cold-weather performance test results. Long before the interconnection process, generator owners and operators need to know about any technical constraints that would preclude systems from implementing appropriate freeze protection measures during commercial operations.


Talk to Kinematics

Contact us to find out how solar projects with the Kinematics ONE complete actuation sub-system can satisfy grid reliability standards. With stronger device-level security, grid operators will sooner resolve cybersecurity risks and recognize how decentralized grid architecture and flexible distributed energy resources can bolster the grid like never before.

Stay Connected

Stay connected with Kinematics – press releases, white papers, key industry information and more.

This field is for validation purposes and should be left unchanged.