The power grid is navigating in a world of fantastic convergence. It enters the 21st century at the beginning of the integration of two world-changing sectors—electricity and computing. The outcome of this integration promises to usher in a new era of clean, affordable, and secure electric energy supply. 

Managing, operating, and utilizing this new system securely, efficiently, and compliantly will require a transformed set of successor processes and protocols different from those employed today. Prominent among these new processes is how the industry exchanges grid data among new energy ecosystem participants.

In 2019 DOE ARPA-E funded the development of the Secure Grid Data Exchange (SGDX) to address this need. SGDX instantiates a set of easy-to-use processes, applications, and enabling and support services spanning business and real-time operations. Secure, it employs state-of-the-art security approaches. Compliant, it provides intelligent monitoring and reporting to meet ever-escalating cyber threats and regulations. Efficient, it standardizes the processes for grid data exchange, minimizing risk and cost as critical data exchange grows in electric operations and markets.

SGDX’s development partners include Midcontinent Independent System Operator (MISO), Mid-Carolina Electric Cooperative, Inc., GridBright, Inc., and the BetterGrids Foundation, with input on SGDX requirements and validation from over 40 representative electricity value chain participants from utilities, ISOs, independent power producers, regulators, technology vendors, academia, national labs, and consultants.

Cloud computing services improve grid operations

The development of SGDX has explored and refined many elements required to deploy SGDX. Of these elements, the most prominent and impactful on the future of the industry is that cloud computing services can be leveraged to improve grid operations (for example, the complexities of orchestration, metering, coordination, and security) because of the cloud's elasticity, scalability, availability, and economies of scale.

Grid operations are becoming increasingly ‘federated’ as the energy industry value chain disaggregates. As outlined in the NIST Smart Grid Conceptual Model, an ever-expanding set of new actors (retailers, aggregators, and independent energy producers) is emerging. Increasingly, distributed applications using sensors and controls on the grid edge require cross-domain secure interactions to manage energy balance, voltage, and frequency in the future grid. Secure inter-entity communication is fundamental to reliable grid operations, especially in a world of increasingly sophisticated cyber threats from hackers and state actors that could disrupt or spoof information flows. Well-documented attacks have worked by sending damaging control instructions to operating equipment while sending false telemetry data back to monitoring systems.

Many of these inter-entity communications already take place over the cloud, including public and virtual private networks. But in most cases, the cloud is treated as a dangerous no-man's-land. Significant investments are required to protect and limit the flow of sensitive information between the cloud and the mission-critical reliability operations inside the security perimeter that orchestrate, coordinate, and instrument the various services to deliver electricity in a secure, reliable, scalable manner.

SGDX research has identified cloud technologies and services that could significantly improve inter-entity communications security, resiliency, and efficiency. Example solutions fall into three broad classes.

Solutions to improve the protection of sensitive grid and personal information

This class of solutions helps automate data classification, mask particularly sensitive data values, ensure end-to-end data encryption, certify data accuracy, prevent data loss, and enhance audit traceability of information flows beyond the security perimeter. Digital Rights Management (DRM) and Data Loss Prevention (DLP) technologies have existed for more than 15 years to protect against the unauthorized use or modification of digital media like music, movies, books, and designs. This technology could be used to protect and track the sharing or leakage of sensitive data such as CEII (Critical Energy Infrastructure Information) and PII (Personally Identifiable Information) to improve security and CIP compliance and address emerging privacy regulations both within and outside organization walls.
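The following is an added illustration, not SGDX or GridBright code, of the DLP-style controls this class describes: a record is classified field by field against a policy, fields the recipient is not cleared for are masked before leaving the perimeter, an integrity tag lets the recipient certify that the released fields were not altered, and an audit entry records what was masked. The field names, the CEII/PII/PUBLIC policy, and the shared key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed classification policy: which fields of a grid data record are
# CEII (infrastructure detail), PII (customer identity) or PUBLIC.
POLICY = {
    "substation_id": "CEII", "relay_setting": "CEII",
    "customer_name": "PII", "service_address": "PII",
    "interval_kwh": "PUBLIC", "timestamp": "PUBLIC",
}
# Hypothetical shared secret for the integrity tag (example only; a real
# deployment would hold this in a KMS/HSM and use per-recipient keys).
INTEGRITY_KEY = b"example-only-key"


def mask(value):
    """Keep only the last two characters so the value stays correlatable but unreadable."""
    s = str(value)
    return "*" * max(len(s) - 2, 0) + s[-2:]


def classify_and_mask(record, recipient_clearance):
    """Return (outbound_record, audit_entry) for a record crossing the perimeter.
    Fields whose class is not in recipient_clearance are masked; unknown
    fields default to CEII, the most restrictive class."""
    outbound, masked = {}, []
    for field, value in record.items():
        cls = POLICY.get(field, "CEII")
        if cls in recipient_clearance:
            outbound[field] = value
        else:
            outbound[field] = mask(value)
            masked.append(field)
    payload = json.dumps(outbound, sort_keys=True).encode()
    outbound["integrity_tag"] = hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).hexdigest()
    audit = {  # what the audit trail keeps for this flow
        "fields_masked": sorted(masked),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "recipient_clearance": sorted(recipient_clearance),
    }
    return outbound, audit


def verify(outbound):
    """Recipient-side check that the released fields were not altered in transit."""
    rec = dict(outbound)
    tag = rec.pop("integrity_tag", "")
    payload = json.dumps(rec, sort_keys=True).encode()
    expected = hmac.new(INTEGRITY_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)
```

The masking here is illustrative; a production DLP pipeline would pair it with the end-to-end encryption the text calls for rather than rely on masking alone.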

Solutions to deliver information between entities securely and reliably

This class of solutions helps guarantee the availability of critical operations data while protecting mission-critical computing assets from both external and internal cyber threats. An example of such technology is Content Delivery Networks (CDN), which have existed for more than 20 years to optimize website performance by routing cloud traffic to the closest available content server. Since then, CDN technology has evolved from solving a simple efficiency issue to becoming an essential part of website security and resiliency, helping companies better defend against sophisticated hacker attacks and scale elastically to meet traffic spikes. Despite being used by almost all major websites across many industries, CDNs are not widely adopted by the utility industry. CDN services could be developed to address utility needs to protect critical assets and dynamically scale communications during emergencies.

Solutions to reduce the cost and complexity of compliance

This class of solutions lowers the adoption barriers for smaller entities to use enterprise-class security software and monitoring services, ensuring safe and compliant communications. Managed Security Service Providers (MSSP) are a relatively new breed of cloud-based vendors that allow companies to outsource some of their network and communications security operations. MSSP vendors combine best-in-class security technologies with 24/7 operations centers into a set of turnkey services that can monitor and defend external communications. By sharing threat visibility, expertise, and response teams across many clients, they provide very advanced and time-sensitive services at a fraction of the cost of on-premises software investments and staff. MSSP-type services could allow smaller utilities and other entities to operate secure virtual private communications networks at high levels of compliance and technical sophistication at a much lower cost.

All these example solution classes could help address the identified need to enhance electric system reliability by creating increased choice, greater flexibility, higher availability, and reduced-cost options for responsible entities to manage their mission-critical systems at higher levels of cyber-security.

SGDX research has taught us that “In the Cloud,” in very trite terms, could be “Smart.”

This post is derived from parts of prior published GridBright, Inc., comments to FERC NOI RM-20-8-000, and SGDX’s market-facing instantiation at GRIDEON.com.