As more renewable energy sources and other distributed energy resources (DERs) interconnect with the electricity network, the risk of cyber attacks increases. The IEC 61850 series, as well as other core standards for the smart grid, are evolving to take these augmenting risk factors into account.
“If you have a problem with your computer you can just switch it off and reboot. You can’t do that with the electricity grid. You need to maintain a continuous supply and that’s why securing the grid is so important,” says Frances Cleveland, the head of one of the working groups inside IEC Technical Committee 57 which publishes many of the key documents paving the way for the automatization and digitalization of the electricity grid.
WG 15 issues publications addressing data and communication security aspects in the electricity network. Among its key publications isthe IEC 62351 series, which provides guidance on designing security into systems and operations.
One of the roles of the WG is to undertake standards development for the security of the communication protocols defined in the IEC 61850 series, among other core smart grid standards published by TC 57. IEC 62351-6, for instance, was developed to secure the operation of all communication protocols based on or derived from IEC 61850, including those defined in IEC 61850-8-1, IEC 61850-9-2 and IEC 61850-6.
Cyber attacks on critical assets like the electricity supply network can seriously disrupt the continuity of electricity delivery. With the multiplication of DERs connected to the grid, such as renewable energy sources like the sun or wind, the number of points of entry to the electricity network has increased massively.
These multiple points of entry are not managed by a central control centre, such as a power station for instance, which means that the cyber security standards protecting the control centre need to be extended even down to residential homes.
“Cyber security is needed everywhere and we need to convince all the different stakeholders involved and there are many of them, from the manufacturers, the vendors, the installers, right down to the aggregators and the utility regulators, of that necessity,” Cleveland explains.
Role-based access control
One of the ways of improving the cyber security of DERs is by defining role-based access to the systems. “You need to set up permissions with special access and be able to monitor who can and can’t perform certain tasks, like update the settings, for instance,” Cleveland adds.
The IEC is developing a technical report, IEC TR 61850-90-19, tying role-based access control and permissions as defined in certain IEC 62351 standards, to IEC 61850 devices and applications.
“The idea is to get DER stakeholders to build systems which integrate cyber security aspects right from the start, in other words systems that are secure-by-design. If they think about cyber security once the system is already out there, it will be a bit like applying a band aid to a life-threatening injury,” Cleveland says.
One of the challenges is finding a way to make complex documents like the IEC 61850 or the IEC 62351 standards more directly targeted or customized to specific users, involved in the DER supply chain.
Cleveland is also an active member of the IEC Systems Committee for Smart Energy, whose role is, among many tasks, to coordinate the work of several technical committees working to publish standards relating to the digitalization of the grid and facility automation in general.