All Reports
2Q 2023

Deploying Microgrids as Cybersecurity Solutions

After domestic extremists attempted several attacks against US bulk electric system (BES) components in 2022, the Federal Energy Regulatory Commission warned of a likely escalation of attacks on BES in 2023 and directed the North American Electric Reliability Corporation (NERC) to tighten rules for low-risk systems from vulnerabilities introduced either intentionally or by accident by authorized vendors in electrical component supply chains. NERC’s new rules, announced in March 2023, extend many of the same cybersecurity requirements to low-risk system components it imposes on more critical systems.

In a broader effort to address virtual threats, the Biden administration released the U.S. National Cybersecurity Strategy, which articulates how the White House intends to address cybersecurity threats even as it embarks on the largest expansion of US infrastructure since establishing the interstate highway system.

This Guidehouse Insights study reviews recent regulatory efforts to address emerging cybersecurity threats and explores how microgrids should be configured to reduce their vulnerability to cybersecurity risks. It also looks at how they can be deployed as active cybersecurity solutions, countermeasures that can identify, isolate, and eliminate cybersecurity threats, mitigate damages, and help stakeholders meet new, more stringent cybersecurity regulations.

Pages 23
Tables | Charts | Figures 3
  • How vulnerable are microgrids to cyber exploitation?
  • Do networked microgrids pose a particular risk by increasing the virtual surface area that is vulnerable to cyberattack?
  • Are microgrids compatible with zero-trust architectures?
  • Are microgrids particularly vulnerable to a specific type of cyberattack?
  • Does aggregating behind-the-meter distributed energy resources increase cybersecurity attack vectors?
  • How can microgrid controllers be employed to defend against cybersecurity attacks?
  • What are some methods for effectively valuing cybersecurity?
  • Microgrid software developers
  • Energy as a service providers
  • OEMs suppliers to microgrid vendors
  • Microgrid and Distributed Energy Resources (DER) customers
  • DER aggregators
  • Regulators and policymakers

Spark

Context

Recommendations

Microgrids Can Be Cybersecurity Solutions

New Cybersecurity Standards Are Impacting Microgrid Software Vendors and OEMs

Europe Faces Additional Threats from State Actors

Distributed Energy Resources Integration Creates New Security Risks

FERC Order 2222 Could Increase Vulnerabilities from DER Aggregations

Poorly Deployed Microgrids Can Open Cybersecurity Attack Vectors

Communications Protocols Present the Greatest Vulnerability

Selecting a Protective Microgrid Communications Protocol

Perimeter Defenses Provide Insufficient Protection

Zero-Trust Architectures Treat Internal and External Users with Equal Suspicion

ZTAs Continuously Verify

ZTAs Minimize Impact

ZTAs Automate Context Collection and Response

Microgrids Can Be Integrated with ZTAs for Additional Cybersecurity

Critical Microgrid Configurations Provide Unique Cybersecurity Benefits

Networked Microgrid Communications Identify Attacks

Network Segmentation Isolates Threats

Microgrids Can Defend Against Cyberattacks

False Data Injection Attacks

Denial of Service Attacks

Smart Tracking Firewall

Signal Spoofing / Man-in-the-Middle Attacks

Ride-Through and Trip Threshold Manipulation

Microgrids Can Operate as Cybersecurity Countermeasures

Intrusion Detection

Automated Incident Response

Honey Pots

Utilities and Other Consumers Should Follow Best Cybersecurity Defense Practices

Employ a Zero-Trust Architecture

Deploy Multiple Threat Detection Strategies

Always Deploy IPv6 Networks Independently of, or Tunneled over, IPv4 Networks

Microgrid Vendors and OEMs Should Incorporate Cybersecurity at the Design Stage

U.S. Microgrid Software Developers and Manufacturers Should Avail Themselves of New DOE Cybersecurity R&D Programs and Funding

Clean Energy Cybersecurity Accelerator Program

Office of Cybersecurity, Energy Security, and Emergency Response Grants

EaaS Microgrid Vendors Should Explore Cybersecurity Offerings

  • Five Pillars of the U.S. National Cybersecurity Strategy and Their Related Strategic Objectives, March 2023
  • Zero-Trust Implementation Scheme for Remote Access to a Networked Microgrid
  • Summary and Evaluation of Potential Microgrid Communication Protocols
Choose a License Type
$1,850 USD
$2,775 USD
Industry Insight Mar 07, 2016
IoT and Wireless Communications