by Jeff St. John
April 20, 2018

How did regulatory policy get so intense?

As FirstEnergy seeks bankruptcy proceedings and emergency aid for its struggling coal and nuclear power plants, we’ve seen reports of the Trump administration considering using the Cold-War era Defense Production Act to nationalize these power plants to protect them from facing market realities. 

Meanwhile, FERC received PJM’s two distinct plans for reforming energy markets to value baseload generation resources — neither of them very popular with the majority of its stakeholders — and upheld a complaint about PJM’s recent changes to its troubled frequency regulation market, creating a technical conference to hash out the conflicts. 

But the most ominous policy news of the week may be the escalation of cyber-conflict between the U.S. and Russia. On Monday, U.S. officials joined counterparts in the U.K. to warn that Russian-backed hackers have gained potential access to hundreds of thousands of “network infrastructure devices worldwide such as routers, switches, firewalls, [and] network intrusion detection systems” in homes and businesses. 

“Russian state-sponsored actors are using compromised routers to conduct spoofing ‘man-in-the-middle’ attacks to support espionage, extract intellectual property, maintain persistent access to victim networks and potentially lay a foundation for future offensive operations,” the joint report read. While it didn’t specify how deep or long-lasting the intrusions had been, it did express “high confidence” that the Kremlin was behind the attack. 

Monday’s report is a recognition of the reality of cyber-espionage, in which major state actors are assumed to be regularly seeking access to unguarded IT equipment and exploiting it where they can. Australia and Germany have reported their own intrusions matching those described in the joint U.S.-U.K. alert, indicating that Russia isn’t exclusive in its efforts. 

These increasingly blunt political responses are also wrapped up in a broader push against Russian President Vladimir Putin’s alleged masterminding of cyber-interference into the 2016 U.S. election and political process. They’re also a response to the escalation of harm being done by Russian-backed hackers, such as the NotPetya attack last summer, dubbed the “most costly cyberattack in history.”

And of course, Russian hackers have been identified in the only known cyber-takedowns of a real power grid, in Ukraine, first in December 2015 and again in December 2016 using a more sophisticated malware dubbed “Crash Override.” In the United States, we’ve seen years of reports that Russia has been seeking access to utility operations technology (OT) systems that could allow it the potential to carry out the same kind of attacks. 

Last month, we reported on the latest U.S. cyber-alert on Russian hackers seeking to gain access to the IT networks of utilities and technology vendors serving the energy industry, with the long-range goal of penetrating the operations systems of power plants and the power grid. While the report did not report any successful leaps from IT to OT networks, it did detail how hackers had reproduced operation interfaces for key systems like generator turbines. 

At the same time, this month saw a cyber-takedown of software serving the natural-gas transmission industry, with repercussions for the pipeline companies and utilities that rely on third-party software to conduct much of their day-to-day business. While the nature and source of the attack have yet to be revealed, the U.S. Department of Homeland Security’s cybersecurity team has long highlighted the threat of cyberattackers gaining access to third-party vendors’ IT networks as a route into more critical utility systems. 

The Trump administration has not earned confidence on its response to Russian cyber-intrusions to date. President Donald Trump once tweeted that the U.S. should consider working with Russia to combat cybersecurity, an idea that was quickly mocked out of existence. “When we see malicious cyberactivity, whether Kremlin or other nation state actors, we are going to push back," White House cybersecurity coordinator Rob Joyce told reporters on Monday — just hours before news reports that he is resigning the job. 

Although the Trump administration is planning to create a Department of Energy energy infrastructure security office, it has also proposed slashing funding for DOE research programs including cybersecurity in its annual budget requests. Congress didn’t enact these cuts in its March 2018 spending bill, however, choosing to keep most DOE programs funded at the previous year’s levels. 

Congress is also proposing legislation to improve DOE’s response to cyber-threats. This week, a House of Representatives Energy and Commerce panel advanced four bills designed to improve cybersecurity coordination between the DOE and other agencies. One bill would codify the DOE security office’s 2019 budget request. Two would create voluntary programs to share cybersecurity plans between DOE and the private sector, and the fourth would require DOE to adopt cybersecurity plans for natural gas pipelines and liquefied natural gas (LNG) export terminals. 

Building the unified grid database

The energy industry uses its own specialized hardware and software, with layers upon layers of legacy equipment for separate utility departments that are still being integrated into a unified whole. While that does complicate efforts by hackers, it’s also a major impediment to utilities trying to integrate their existing IT and OT platforms in ways that can support cross-platform implementations, or even to share data in common frameworks. 

Big grid vendors like Siemens, General Electric and ABB have been using cloud computing and big data analytics to integrate these multiple “sources of truth” into common IT frameworks. This week’s IEEE PES T&D Conference and Exhibition in Denver served as a showcase for many of these efforts, including Siemens’ implementation of a so-called “digital twin” to “virtually analyze and plan supply and demand needs across a complex electrical system.” 

“Using virtual tools, a grid operator can reduce the amount of effort collecting and verifying data, improve investment planning based on accurate forecasts, better integrate conventional and renewable power through accurate modeling, and improve overall grid reliability,” the German grid giant wrote in its press release. 

Ben Kellison, grid research director at GTM Research, noted that the concept of a “digital twin,” or digital simulation, is already in use to predict equipment failure and advise on preventative maintenance in power plants or other enclosed systems. But applying it to a system as complex as a power grid requires moving to a single data model, he said — and “that is a big deal — as big a deal as when ADMS combined DMS and OMS into a single connectivity and impedance model via a GIS." 

In the past, different models of the network have been used to suit the individual operational needs and objectives of different systems. Distribution planning systems like Cyme, Synergi, Sincal and others had their own models, as did transmission planning systems, outage management systems, distribution automation control systems, and asset management systems. That made sense as long as it lowered coordination requirements, sped up day-to-day work, and lowered IT requirements for the system as a whole, said Kellison.

But the emerging grid is far more complex and interactive than the traditional grid, driving the need for utilities to share data between many different systems. With today’s separate data models, this integration requires “many manual data transfers or extensive integration to maintain these models — a massive effort,” Kellison said. "By moving toward an integrated model with operational data that can be used to simulate conditions and changes to the network, utilities can hopefully reduce underlying model errors, duplicate work, and create fewer sources of truth."

Swiss-based ABB also announced some new attributes of its Ability digital platform this week, including support for single-point technologies like its TXpert digital distribution transformer, and more integration-heavy applications like volt/VAR management. 

It’s all about the data: Uptake buys APT for utility asset management

Asset management systems (AMS) are an important subset of utility software that track how well individual pieces of grid equipment are performing and whether they are at risk of failure. That’s ranged from paper reports and schedule-based maintenance to more advanced sensor and data-driven systems. In recent years, it's included a suite of IT platforms that marry data from disparate systems to deliver far more accurate, big-data-derived results. 

This week saw an important acquisition in this space — Albuquerque-based Asset Performance Technologies was bought by Chicago-based predictive analytics startup Uptake for an undisclosed sum. Uptake, which aims at analyzing real-time industrial internet of things data to improve maintenance and cut downtime, boasted a $2.3 billion valuation as of its latest venture funding round in November 2017. 

Kellison noted that lack of data is the top challenge for starting an AI-/pure analytics-based software solution for asset health and performance. “Number-crunching is done by many and data is owned by few. GE, ABB, Siemens and others have largely relied on their own data from their own products in the field to develop models.” 

APT was one of a few competitors — Doble and Kinectrics are others — that collected more open-source data and specialized in performance and operational information involving infrastructure, Kellison noted. “IBM, SAS, ABB and a few others have looked to partner with these folks to get access to this data to develop asset health centers' asset performance management programs,” he noted. 

Uptake itself has had some key clients in utilities in the past, including Berkshire Hathaway's MidAmerican Energy, he noted. But the firm has “largely been viewed as a flashy startup with great IT chops and without strong operational experience. This gives them some data and staff to work with that can satisfy engineering-team-driven clients.”