Personal notes from GridForward2019.
I haven’t made any effort to clean these up other than to find relevant links that I’ll research later.
Presenters: Rolf Bienert and Don Duichinos
- Oasis Inter operation created by Oasis Open
- Sends requests not commands, customers can opt in/out
- Service events have start/end/intervals
- Service events can be re-sent with updates (there’s a sequence number)
- Security is PKI based
- Security model vetted by:
- How are certs revoked and/or updated (CRL for revocation)
- Can organizations provide their own CA (Yes)
- How are upgrades performed? OTA?
- Are commands idempotent? Is every command ack’d or is this fire-and-forget?
- 2030.5 IEEE 2030.5-2018 - IEEE Standard for Smart Energy Profile Application Protocol
- CTA-2045 Port to dispatch (control) water heaters
- CA Rule 21
- R.A.T.E.S.org – I cannot find this site
- Quality Logic has online learning for OpenADR
- What is DERMS? Where are you in that value chain?
- Is it a distribution tool? A transmission tool?
- 3 Forms/lineages
- EMS/GMS ?
- Australia soon 40% of their gen will be on the customer side
- Advance forecasting, load flow, load management, asset use
- Devices behind the meter: settlement, delivery, back office management
- “We” have no idea how to change business processes when deploying DRMS:
- interconnection permits, DR group, ops group
- utilities actively looking at this
- have to learn how to manage DERS
- Capacity relief on a substation
- forecast DERS, monitor, how is it registered?
- ADMS registration? Need an interconnected update process
- reactive power? interconnect agreements?
- Operators need response on the system
- Market structures, policies, programs
- How to unify perspectives?
- Problem With Theft
- Collecting 2M metrics on hourly/5/15minute intervals
- Transformer impedance / voltage profile -> looking for anomalies
- Energy balancing : reconciling billing vs generation, looking for theft or data quality errors
- Drivers: large theft scenario of grow ops
- secondary issues of safety
- theft totalled 7% of load, equivalent to ~80K homes
- leads to premature asset failure (transformer overload)
- AMI - enhanced field investigation team
- Over time, theft teams went from 60% to 5% of investigations resulting in identifying theft
- Result: $732M in savings
- Q: Does the result factor in the theft detection costs (system creation, maintenance, investigation teams, etc.)?
- Used external solution to start, Data Raker, from 2011 to 2014
- Used DR while developing in-house solution
- Deployed DR and in-house solution side-by-side
- A/B systems compared in final analysis
- Key takeaways:
- IT/OT bridge : the business and technical relationships were key
- Maintenance system is at 78TB currently and grows by 6TB/month
- Stack uses Greenplum and HortonWorks
- Status Quo is lacking framework for incentivizing storage
- Opportunity to decarbonize / digitize / and democratize
- Create monetization and value
- Pricing and billing engine for TOD pricing took 10 years
Strategy across industry
Breaking down silos
What or the goals and objectives?
Evaluate framework / value streams / DOU / Rate designs
Need financing mechanisms to bring systems to people that cannot afford 10K for a battery system
Need confidence in data
What’s needed in the regulatory environment? …crickets.
Pathways to Deep Decarbonization
- transmission - IRP
- distribution - planning is somewhat separate
- smart grid & AMI & batteries & self-healing -> increased reliability and flexibility
- feeder deployments have decreased outages
- trees lead to outages on the grid
- w/o digitization decarbonization won’t happen
- Example 2MW in Glacier Whatcom County
- 10mi long radial ~ 100" snow/year
- difficult to restore power
- battery installed allowing
- restored power in August
- large commercial / military customers
- Pilots & Partnerships Ecosystem
- Pilots allow controlled ecosystem w/ controlled costs
- Responsible to customers and the environment
- Game Changers
- EV infrastructure
- WA - 40% of carbon emissions are from transport
- WA - 50K electric vehicles
- WA - project 400K - 1M by 2030
- UpNGo – can test drive EV vehicles? Cannot find link
- Heavy transport / Maritime
- Pro LPNG facility in Tacoma
- Hoped for achievements in 5 years
- No Cyber Security events
- Cost effectively meet goals in clean energy
- D&I - unconscious bias / trust / etc.
What are the top Cyber risks?
- build relationships before incidents happen
- it’s an evolution
- not going to see the exact same thing, cannot predict threat vectors
- build resiliency models to detect, categorize, react to threats
Who faces Cyber attacks?
- today, distribution
- targets of opportunity, places w/ most potential for damage
- as distribution becomes hardened, then attacks move
- transmission is expected next
What about vendors? What role do they play?
- recent attacks via vendor pathways
- old devices w/ old vulnerabilities
- new devices w/ vulnerabilities, un-encrypted firmware is easily examined and rooted
- not signing firmware, even large firmware vendors
- micro-grids with smaller companies in these spaces may not have resources to properly defend against these attacks (however it was also stated that the larger companies are also doing a poor job of defending, so seems a bit FUD).
- STIG Open Source threat modeling software
What role do Regulations Play?
- IC Level Chain
- IC Level Chain
- NERC - focus on legacy environments, on the cusp of engaging with the cloud
- NERC - does not have language? for cloud cyber security
- Threat Vectors
- Data protection
- Weakest link is humans
- Employees must be aware of attack vectors
- Leaders must start investing in employee awareness
- Awareness training is a constant thing
What happened in March?
- Fishing attack, stage 1 malware
- Followed by lot’s of, trust us, sorry, we have to keep secrets, blah blah
What happened in the Ukraine?
- not designed to attack the grid
- stage 1 -> 4
- found value
- attacked SCADA
- deleted stage 1 and started scavenging for VPN connections
- managed routers and switches have VPNs into target environments
How to trust Vendors?
- Segmented networks
- Scoped roles/access to the secure resources/networks
- Verify vendor compliance
- Do not blindly trust vendors or their compliance
- Pen tasting?
- Validate, check policies, use 3rd parties for risk management
- Need to involve cyber-security from the beginning
- ICS Kill Chain
- Procurement process (RFP) needs to have cyber-security as part of the process
- visibility fabric devices
- anomaly detection devices
- what to do with alerts? need to invest in human capital to deal with alerts and make meaningful decisions
- train from within
- Gridex Government training for incidents
- SANS.org Has paid training for ICS
- ICS Security Conference
- Houston Security Conference
- Follow “Clint Bodungen”
- Follow “Robert Lee”, owner of dragos
- relying on customer networks and modems was a disaster
- water heater controller has high acquisition cost
- BPA does not supply real time information (costs)
- Degraded the battery installed at a youth home by 20% in 5 years by cycling from 0 -> 100% charge
- TOD rates
- Micro-grid an a 330 mile radial feed
- not part of CAISO, part of LADWP
- cannot use market to help w/ intermittent resources
- 100% smart meters
- vertically integrated
- EV charging TOU rates
- fiber over the city
- local gen
- biz cases
- fund outcomes not departments -> 7 outcome areas
- electric utility is under multiple departments -> outcome is safe community
- 3x bottom line : economic / social / environmental -> changes how you think and do business
- need big thinkers, don’t be afraid, take chances
- costs now provide benefits later
- hoover dam as an example
- had vision and big thinking
- integrating RE for the environment is new vocabulary
- think in decades
Biggest Forward Thinking Investments?
- Inter-mountain Power Project (IPP) - 18MW Coal Plant
- Online since the ’80s
- working to accelerate plant shutdown and replacement with NG plant
- Southern Transmission System
- 50 year commitment to a gas plant
- Renewable hydrogen?
- the best of many imperfect solutions
- know your audience / members
- local gen was asked for
- landfill to gas plant - first in Montana
- timber manufacturer - biomass -> energy
- community solar
- members are willing
- One of 6 places of invention mentioned in a Smithsonian exhibit
- 500K cost share was from community members
- Collaboration and partnership
- High-tech area
- Climate economy
- No shareholders
- No state regulations
- Local control and accountability
- Not mandated as investor owned utilities are
- Taking shareholders & regulators out of the equation -> yields advantages and more resilient decision making process
GW of DER
Regulation and Innovation
“Regulators need the same level of detail as a CFO”
- whole plan
- future sunk costs
- mitigating risks
- societal benefits
- IRP Integrated Resource Plan
- WA State Bill 51162019 Senate Bill 5116: Supporting Washington’s clean energy economy and transitioning to a clean, affordable, and reliable energy future
- WA State Bill 1444Concerning appliance efficiency standards.
- In WA transport is 45% of our GHG emissions
- AMI Smart Meters (bi-directional)