Cybersecurity Enhancements Are Critical to Virtual Power Plants

Virtual power plants (VPPs) present an opportunity for distributed energy resources (DER) to be intelligently aggregated, managed, and optimized through a software platform to balance the grid when renewable output is not sufficient, effectively acting like a traditional 24/7 power plant. However, whenever software and hardware come together, cybersecurity considerations can be a barrier to more widespread adoption. As is the case in any economic segment, cyber breaches in the energy sector have consequences including power loss, financial damages, customer data exposure, and even physical harm. Historically, cyber threats in the energy sector were more of a concern for utility-owned resources and systems. However, as DER and other internet-connected devices proliferate across business segments, the number of potential touchpoints into the power grid for unauthorized users increases. Furthermore, as the number of DER installed behind the meter increases, so too does the number of end user data points susceptible to theft.   

Stakeholders Across the Energy Value Chain Can Make an Impact

Central to the deployment of VPPs is the idea of decentralization—meaning energy consumers will need to play a larger role in daily grid operations. DER such as smart thermostats, grid-interactive water heaters, distributed solar PV systems, and behind the meter energy storage resources located at end user sites are pooled together to provide required grid functions. DER hardware and software providers can work to assess and improve the way their products interact such that sensitive customer information is not exposed and unauthorized access is prevented. Stakeholders in the EV industry took steps to do that earlier this year when they convened at the National Renewable Energy Laboratory to evaluate enhanced cybersecurity for connections between EVs and charging infrastructure. In front of the meter, grid operators and utilities looking to utilize VPP platforms in daily grid operations must stay up to date on cyber threats and cybersecurity best practices to ensure their systems are protected from hackers and sensitive data is managed and stored securely.

Regulations and Standards Development Are Essential

As the digital world becomes more intertwined with the physical one, policymakers need to take steps to ensure they develop appropriate legislation. In December 2020, the US Congress made progress when it passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020. The law requires the National Institute of Standards and Technology (NIST) and the Office of Management and Budget to take specified steps to increase cybersecurity for IoT devices. As a result, NIST must develop and publish standards for the federal government relating to the use of internet-enabled devices used by any of their agencies (e.g., minimum information security requirements). Technology standards will eventually need to be developed for internet-connected devices in all sectors so that customers feel protected should they choose to install new energy hardware onsite. With enhanced cybersecurity standards in place, more customers are likely to embrace new energy technology. The new resources can serve their needs and, once aggregated and dispatched intelligently through a VPP, can help balance the larger grid while enabling a transition entirely away from fossil fuels.