Distributed Energy Resource (DER) Cyber Security Working Group

Transcription

1 Distributed Energy Resource (DER) Cyber Security Working Group Kickoff Meeting, 24 Aug 2017 Dr. Kemal Celik, U.S. Department of Energy Jay Johnson, Sandia National Laboratories Cedric Carter, Sandia National Laboratories Tom Tansy, SunSpec Alliance Sandia Na(onal Laboratories is a mul(mission laboratory managed and operated by Na(onal Technology and Engineering Solu(ons of Sandia, LLC, a wholly owned subsidiary of Honeywell Interna(onal, Inc., for the U.S. Department of Energy s Na(onal Nuclear Security Administra(on under contract DE-NA

2 Our presenters Dr. Kemal Celik Technology Manager U.S. Department of Energy SunShot Jay Johnson Principal Member of Technical Staff Sandia National Laboratories Cedric Carter Cyber Security R&D Sandia National Laboratories Tom Tansy Chairman SunSpec Alliance

3 Agenda DOE SunShot systems integration program welcome Program overview Goals & objectives Challenges Choices How to get engaged Who should participate How to sign up How to stay plugged in Appendix Next steps

4 SunShot Program Structure 3 /kwh SunShot 2030 Goal energy.gov/sunshot 4

5 Systems Integra;on Subprogram Funds projects to develop technical solu(ons that enable large scale deployment of solar power onto a modernized electricity grid with improved reliability and resiliency Part of DOE s Grid Moderniza(on Ini(a(ve Solar Forecas(ng Grid Planning and Opera(on Power Electronics Integra(on with Energy Storage Codes and Standards Sensors and Communica(ons Grid Integra(on Analysis energy.gov/sunshot 5

6 Goals & objectives The DER Cyber Security Working Group will bring together DER interoperability and cyber security experts to discuss security for DER devices, gateways, aggregators, utilities and the US power system. Primary Goal: generate a collection of best practices that act as basis for (or input to) national or international DER cyber security standards. Secondary Goal: facilitate DER cyber security discussions between stakeholders to exchange perspectives and gain broad buy-in from the industry.

7 Why is this initiative important?

8 Cyber security working group plan Our objectives Educate DER & power systems communities about cyber security topics Hold technical discussions to advance industry best practices and standards To address this complex challenge, we will structure our effort as follows Two or three initial public meetings Enlist subject matter experts Define scope Twice-per-month working sessions on key topics In-depth explorations led by subject matter experts Groups typically meet ten to twelve times per topic Goal to create best practice or standards recommendations each month Once-per-month group meeting Roadmap review Presentation of key cyber security concepts Work plan status & next steps Periodic public webinars

9 General scope DER Interface U(lity Server Aggregator Server Plant Controller

10 Important decisions to make What is the overall focus for this group? Server considerations and communication interfaces must be prioritized Which IT aspect and protocols aspects do we focus on? Server access and data protection IEEE , IEEE 1815, and/or other for utility connection SunSpec Modbus and/or other for field bus IEEE 1547 full revision allows multiple protocols with vastly different security features Which standards bodies should take precedence? IEEE for DER? NERC CIP for aggregations? Others? Cyber recommendations for IEEE to Modbus communication module J. Henry, F. Cleveland, A. Lee, R. Ramirez, B. Seal, T. Tansy, B. Fox, A. Pochiraju, Cyber Security Requirements and Recommendations for CSI RD&D Solicitation #4 Distributed Energy Resource Communications, Oct 2015.

11 Potential topics to cover Intro to DER Cyber Presentations Confidentiality, integrity, availability Authentication, authorization, accounting/non repudiation Light weight DER cyber assessments with off-the-shelf cyber tools and applications Cyber resilience Encryption Presentations from partners and industry. Development of DER Cyber Best Practices Selecting the appropriate standard for these requirements: IEEE 1547.x, others? Where cyber security requirements will exist (inside/outside of DERs and plants, device vs. system level) Understand/refine IEEE and IEEE 1815 security features Addressing Modbus security challenges Cyber/interoperability certification process Auditing and interoperability (device and network) Assessments (Host based/ad-hoc)

12 How to engage Who are we looking for? Energy domain experts: utilities, manufacturing, aggregators, govt Security experts: threats/countermeasures, protocols, systems Options for engagement Listen & learn once per month Receive a periodic updates Work on a focused task How to get started Sign up at Review the background materials Access workgroup page to track progress & get assignments

13 Cyber Security Workgroup portal

14 Homework: think about questions, review reference documents Given a focus on utility-to-(aggregator-to-)der connections, should our work go deeper or broader? More focus on interface vulnerabilities More focus on specific protocols Given our focus, which standards should we influence? IEEE (1547, , 1815) IETF NERC CIP Other? Review reference materials on workgroup site:

15 Next meeting September 7 at 8 AM PT Agenda Brief orientation and enlist new participants Review questions from today s meeting, discuss priorities Kick off first sub-group nail down priorities To prepare Log on to Download reading material or post comments Contact membership@sunspec.org for enrollment questions. Call or Tom Tansy at or tom@sunspec.org for any other issues. Thank You