When it comes to cybersecurity, microgrids live a dichotomy. They can block the ill effects of a hacked power grid. But they also can invite trouble.
Because of their ability to island from the grid, microgrids offer protections to their customers during an attack on the grid. If a hacker causes a grid outage, the microgrid can separate itself from the trouble and use its onsite distributed generators. It’s safe from the hack, and its customers continue to receive power while others are in the dark.
But here’s the problem. Unprotected, microgrids also can offer an entry way for malicious code and viruses to make their way into the grid. They are among the many pieces of the internet-of-things now attaching themselves to the grid (as are smart thermostats, solar panels, and electric vehicles). Security experts worry about these potential portals for bad actors.
So the more protected the microgrid, the better for all – microgrid customers and everybody else.
That’s one the reasons Eaton and UL are embarking on a new cybersecurity collaboration, announced today. Eaton, a power management company, and UL, a global safety science organization, are partnering on creating cybersecurity standards for power management products.
The idea is to make sure all of the components within a microgrid meet the same high standard for cybersecurity. Microgrids often have many pieces – generation, storage, switches, controllers – that come from various manufacturers. Each manufacturer may have a different view of what makes a device cyber secure, leaving the microgrid customer confused and concerned about the safety of the installation.
“In the absence of a standard, the customer is inherently dependent on the practices, processes and procedures that a manufacturer has in place,” said Michael Regelski, senior vice president and chief technology officer for Eaton’s electrical business.
Bringing UL to the table creates an independent, third-party authentication that offers “peace of mind” for microgrid customers, said Regelski, in an interview.
“Cybersecurity starts when you conceive the product. You have to be thinking about cybersecurity as a vulnerability,” he said. This approach “leads to designing things that are built with the right costs, with the right capabilities.”
Together, Eaton and UL are working on setting measurable cybersecurity criteria – not just for microgrids – but for all network-connected power management products and systems.
The standards come as worry about cyber attack expands. Once largely a concern of government, military and the financial services sector, it has now made its way into the businesses community. In fact, large manufacturers rank cyber attacks as one of their highest critical risk factors within annual 10-K filings, according to a 2016 BDO Manufacturing RiskFactor Report.
“We seek to help manufacturers, their customers and other stakeholders mitigate security risks through science-based assessment and evaluation,” said Ben Miller, president of the commercial and industrial business unit of UL. “Our collaboration with experts at Eaton is providing some of the crucial inputs to developing the technical expertise for new standards, and it’s helping advance UL’s efforts to protect our world’s critical infrastructure against ever-increasing cybersecurity threats.”
Eaton testing lab earns UL credential
Eaton also announced today that its cybersecurity research and testing facility in Pittsburgh has become the first lab approved to participate in UL’s Data Acceptance Program for cybersecurity. Available on a limited basis, the program aligns Eaton’s testing methodologies and data generation with the UL Cybersecurity Assurance Program for UL Standards 2900-1 and UL 2900-2-2.
In addition, Eaton’s Power Xpert Dashboard recently became the first power management product certified to the UL 2900-2-2 Standard for cybersecurity in industrial control systems. This user portal to Eaton’s switchgear enables customers to monitor, diagnose and control equipment from a location outside the arc flash boundary.
View all SMART GRID Bulletins click here