Making the smart grid intelligent: Using software to improve power reliability Read More Sep 12, 2018
Why Vattenfall made its LV grid intelligent - the use cases Read More Sep 10, 2018
Welcome Message from David Thomson, New NES CEO Read More Jun 04, 2018
Smart Grid Security Perspectives Read More Jan 02, 2018

Networked Energy Services (NES) and eSmart Systems have written a joint white paper about making the smart grid intelligent. This blog article is an extract - read the full white paper here

Timely actionable insight is the key to making the correct business and operational decisions. Over the last few decades, significant investment has been made in the monitoring and management of the medium- and high- voltage grids.

The latest generation of smart meters provides new levels of visibility of power and voltage quality at the substation transformer and the consumer. Some smart grid solutions even provide visibility of the low-voltage grid topology and connectivity, and can create measurements from within the low-voltage grid.

With the availability of information from the low-voltage grid, software solutions that process and analyse this information can make a positive contribution by providing timely actionable insight. This insight can be used to improve operational processes and can also have a positive impact on the quality of service that the end consumer receives.

In the following, we will explore how the latest smart metering solutions can be combined with new analytics tools to improve power reliability, by looking at three key scenarios:

  • Improving Power Quality
  • Assessing Impacts of Power Quality Problems
  • Restoring Service

Improwing power quality 
Improving power quality is the fundamental step to take. This involves gathering as much information as possible about the current and historical performance of the low-voltage grid, from the substation to the consumer, and exposing this into analytics tools to help highlight the indicators of network quality problems.

The sensor network exposes a wide range of voltage and power quality parameters, at the substation and consumer premise, but also at points deep in the low-voltage grid. This information can be used to identify capacity problems and non-optimal configurations in the low-voltage grid, which can, through analytics, be used to trigger proactive maintenance activities as well as respond to more immediate problems which are directly affecting consumers, such as voltage and power quality degradations.

Modern smart meters provide high resolution data about e.g. consumption. By using advanced analytics on consumption patterns it is possible to:

  • Group customers that have obvious similarities in consumption
  • Identify new types of consumption, such as EVs in a certain area or even identify those consumers who have just bought an EV
  • Identify new types of generation in an area, like those consumers who have highly effective solar panels.

This is information that affects the power distribution, so it is important to get an overview of this and it also helps in marketing use to make sure you increase the possibility for up-sales.

Assessing impacts 
With problems in the low-voltage grid identified, it then becomes important to identify the scope of the impacts. Through closer integration of the sensor network and the analytics framework, it becomes possible to assess impacts in terms of both affected consumers, but also the business and social impact of the outages.

Not only is the topology of the low-voltage grid mapped out by the sensor network; the mapping between the topology and physical infrastructure, and topology and consumers can also be defined through integration with back-end systems.

These capabilities mean that both the possible root-cause and impact of fault can be assessed:

  • Root-cause. Indicators of poor voltage or power quality can be mapped on the topology to «triangulate» towards a probable root-cause, such as a physically damaged line serving a wider range of consumers. The DSO can then dispatch field-engineers or technicians with more certainty as to the location of the fault, which, in turn, reduces the time to restore and the field work costs
  • With the root-cause identified, the same approach of using topology can be applied to identify those consumers depending on supply over the faulty infrastructure, and so the DSO is able to start prioritising work based on consumer impact and track the end-customer’s experience with greater accuracy.

To improve the process of impact assessment and get faster resolutions it is important to have a wider perspective, a holistic view. DSOs need to utilize all data available to see as many correlations as possible.


Restoring service 
With the root-cause and the consumer impact identified, it now becomes possible to stream-line how problems are resolved through:

Improved information: More of the right information, and more up-to-date information can be shared with the teams responsible for restoring the service. This can include information about the fault and information about possible recovery actions, such as identifying available capacity for re-routes.
 

Improved priority setting: Whilst prioritizing based on the number of impacted consumers is a positive first step, the ideal should be to prioritize based on commercial, business and social impacts. This requires close integration, through analytics, of a wide range of information sets which have not historically been part of the service restoration process.
The information generated from the sensor network provides a rich source of alarm/event and historical performance information, which can be used by the analytics framework to define actions, embedded into the field-engineer’s pack and accessed on-line by the engineer from the field if required.

With the amounts of data now available, we believe the ones who win are the ones that can utilize this data, do the right analysis and take the right actions.


The future for DSOs 
The combination of a sensor network in the low-voltage grid, together with an analytics framework to draw insight from the information it exposes, provides a new and exciting set of possibilities for DSOs:

  • The first step is to enrich the information available from the low-voltage grid; not just the voltage measurements at the substation and consumer, but also a wider range of quality information, on each phase of supply, with more detail within the low-voltage grid, and with additional topology discovery
  • The second step is to provide this information into an analytics framework so that the large volumes of information can be processed to extract timely, actionable business and operational insight.

Such systems are available today, with Networked Energy Services Patagonia Energy Applications Platform and smart meters, along with the eSmart Systems analytics frameworks being excellent examples.

Thanks to new technologies on the grid, utilities have at their disposal an unprecedented level of data sources and visibility on the grid.

However, perhaps the most dynamic area, the low-voltage (LV) grid is often overlooked by distribution system operators (DSOs).

In an Engerati webinar, Lars Garpetun, R&D Programme Manager at Vattenfall, one of Europe's largest producers and retailers of electricity and heat, gave his perspective on why DSOs should pay more attention to the LV grid.

Due to the cost, he explains, the LV grid is not monitored by the SCADA system, making it a black hole for Vattenfall. To combat this, the utility established a LV monitoring system based on data from the smart metering system.

He says: “It’s been running for a few years and is very cost-effective. Today we can monitor power outage and power quality data based on events generated by the meters when an unacceptable level of quality occurs.”

DSOs in tomorrow’s smart grid
The issue at hand for Vattenfall, however, is that the solution is not ‘intelligent’, focusing on reactive actions as opposed to proactive.

Garpetun explains the issues facing DSOs moving forwards: “The solution we currently use just gives us meter events when power voltage is out of an acceptable range. In the future, it will not be acceptable, nor should it be acceptable, for customers to alert the DSOs of power outage or quality issues when the event occurs.”

As the grid becomes more complex, Garpetun explains that DSOs will need to develop their LV capabilities: “Customers’ consumption patterns are changing, and with increased distributed energy resources such as electric vehicles, there will be a drastic impact on voltage networks. Today, we have no way of handling these issues of the future. The goal for us is to lower operational expenditures and improve customer satisfaction with early identification of weakness in the grid.”

Networked Energy Services (NES) is a project partner with Vattenfall as it shifts to make its grid operations intelligent. Jon Wells, Director of product marketing at NES, says: “In the past, it’s only been commercially viable to utilize SCADA for high and medium-voltage grids, but now it’s the LV grid where all of the dynamic energy usage happens.”

To combat these issues, NES has developed a new interface which can provide more proactive insights to DSOs. Wells explains: “The solution puts on top of the LV grid, two key components - what we’re calling a sensor network and an analytics framework.”

With this framework, DSOs can build a more accurate and detailed model of LV grid topology, obtain more detailed and fine-grain voltage and power supply and quality information from the substation to the consumer, and draw timely actionable insight for operational and business decision making.

Use cases for smarter LV grids
In the webinar, the panel of project partners discussed the key use cases for the intelligent LV grid:

1) Improving power quality

One of the key use cases, according to Wells, is thanks to the LV grid topology visibility gained from the sensor network layer.

He explains that with the understanding gained of the grid topology between the transformer and consumer, DSOs can get greater insight into how best to manage power quality.

Wells explains how: “DSOs are no longer limited to just looking at monitoring points at the network edge - they’re able to understand what’s going on deeper inside. This allows them to identify longer term degradation and trends, so that they don’t need to wait for a failure.”

This combined with the analytics framework means DSOs can use that new information in an intelligent, proactive way.

Wells says: “We can find out what the indicators are for failures and use them to predict and avoid future failures, look at datasets that give information of demographics to gain more insight into the growth and demand in certain areas, and then be able to understand more about the dynamics of consumption, supply and distribution across the LV grid.”

2)  Assessing impacts

A second key use case for a smarter LV grid is to identify the impact to consumers of an event in the LV grid. Wells says: “By knowing more about the topology of the LV grid, we’re given greater insight into who may be impacted, but also we can start looking at the patterns of outages and where perhaps there’s a root cause creating wider impacts.”

The analytics framework can then look at this data and add value to it based on other data sources in the business or public domain, looking into things such as the social impact of an outage, as well as the economic and business impacts.

From there, Wells explains, operational measures can be intelligently evaluated: “We can use analytics models that are able to calculate the revenue generation of that consumer. So this can help us decide the priority criteria for fixing problems based on the social, economic and business impacts as well as the traditional technical severity considerations.”

3) Restoring service

The key concerns for DSOs restoring service in the smart grid is making operators able to identify the root cause faster, spot available capacity for re-routing and  enriching information passed over to field crews.

Wells explains: “The sensor networks role in this is to identify the root cause through reachability of network health points (points in the network which are historically highly reliable communicators) and the topology, and also identify where there’s capacity to switch energy distribution flows and where there’s been a reroute to accommodate for that problem. Then it can help drive semi and fully automatic load control.”

Following the information gained here, the analytics framework can improve the dispatch of tasks to field work.

Wells says: “We can make information provided with the field work tasks more accurate, provide more detailed and contextual information, and also are able to bring in information from wider datasets in order to be smarter about that priority setting.”

The future for DSOs and the smart grid
Next generation metering systems can give DSOs the opportunity to improve business processes by implementing comprehensive monitoring of the low voltage grid which enables them to take a more proactive approach to operations.

Garpetun sees this as a crucial way for DSOs to gain the most benefit from the future smart grid, saying: “An advanced metering system with the ability to continually measure current and voltage in combination with advanced analytical methods are the key components to provide customers and DSOs better service and lower costs.”

To find out more about the difficulties posing DSOs in the smart grid future, watch our webinar “Making the smart grid intelligent: Using apps for power reliability” on demand now.

I am very pleased to have recently joined Networked Energy Services and honoured to be its new CEO. I look forward to a highly successful working relationship with all of our customers and partners.
 
Previous to joining NES, I held a variety of leadership positions within Honeywell Smart Energy, the Elster Group and Invensys plc. So I come to NES with a strong understanding of the industry and the needs and objectives of utilities. This is why I am so excited about NES, which has a great reputation for high quality, secure, interoperable standards-based solutions. I believe that NES is well positioned to help existing customers as well as other utilities realize smart grid benefits beyond just the traditional smart metering functions through our Patagonia Energy Applications Platform (EAPTM). Patagonia EAPTM, with its focus on applications and analytics integrated into a flexible framework, is unique within the market.
 
I believe the utility industry is at critical point as it needs to find the best ways to address a variety of issues including:
 
• Security
• Reliability
• New Regulation
• Competition
• Costs
• Distributed Energy Resources
 
I believe that technology can have a significant positive impact on all of these issues, and NES is committed to providing solutions and technologies that enable Utilities to address these critical items as well as other important issues. NES can provide secure solutions with upgradeable devices that improve reliability, reduce operating costs and offer integration with new supply sources including solar, electric vehicles, micro-generation and storage facilities. Our solutions can be utilized as an essential part of not just the smart grid but the larger smart city as the industry and markets mature.
 
As you probably know, NES has already developed a great core technology and offers an outstanding innovation base. We plan to continue this direction by building on our strengths and expanding our product and services to further support our customers. Some of the key areas of focus are:
 
Energy Applications Platform
 
We continue to be excited about the recent introduction of Patagonia Analytics solutions into the NES EAPTM product portfolio. These solutions will be important as our customers address the next wave of challenges and seek return on investment for their on-going investments in the smart grid. The NES Patagonia EAPTM leverages the distributed intelligence provided by our Distributed Control Nodes (DCNs) and smart meters, reliable and secure communications, and our Headend System (HES) to provide cost effective visibility of energy supply performance and characteristics in the low-voltage grid. This, in turn, can be exposed into SCADA Systems and other business decision making tools to help utilities: reduce technical and non-technical losses, reduce or defer infrastructure investment, operate more efficiently, and understand more about consumers’ experiences.
 
Security
 
A continued top priority for NES is providing secure devices and solutions to ensure that smart metering and smart grid services and consumer information are protected. While GDPR has been a key focus recently for utilities and DSOs, data integrity protection will become more critical than even GDPR, as smart metering and smart grid information is used to make business decisions and automate processes. NES Intrusion detection and response provides an indispensable mechanism to identify unauthorised access, limiting exposure to attacks and quickly locking out the attacker. NES security follows a risk-based approach that tackles the real exposures and risks arising from a fast-moving threat-landscape, and has been reviewed and approved by a third party firm specializing in security audits. We will continue to innovate and strive to lead the industry in offering backwards compatible solutions that provide for protection of our customers’ information and service reliability.
 
Communications
 
Another key NES objective is to provide solutions that offer robust, reliable and flexible communications. We will continue to enhance our communication technologies (PLC, cellular, Ethernet, etc.) to ensure that our communications performance and reliability remains the best in the industry and provide utilities with communications flexibility. We recently introduced our point-to-point (P2P) meter. This P2P 2G/3G meter provides connectivity over the mobile network, for those cases where PLC may not be the preferred solution, and integrates into the NES head-end system, so utilities can consolidate management of their meters with the existing PLC infrastructure. This reflects NES’s commitment to make the communications with smart meters as reliable as possible and maintain our industry leading SLAs. The new P2P 2G/3G Smart Meter’s capabilities include future proofing features such as over-the-air upgrades for modem and meter firmware, as well as a field swappable communication module design, allowing module replacements without interrupting electricity service to customers.  The solution also supports unique system capabilities, such as SMS shoulder tap, quick system registration, and last gasp outage alarms that produce operational savings created by reduced installation costs and efficient data rate usage.
 
Production
 
In addition to our solution, our management team is keenly focused on executing our production strategy, which includes improving our production capabilities including providing better quality and shorter delivery times. By incorporating best practices and a continuous improvement philosophy, we will ensure that our support and delivery teams are able to meet all of our commitments. As part of our strategy, Jonathan Watt has joined our senior leadership team and will serve as our Chief Performance Officer. Jonathan is a highly experienced Supply Chain, Operations and Business Performance Improvement specialist who led the Procurement function within the Elster business from 2013 to 2017. He has experience and very strong contacts within the European electronics and metering markets at both customer and supplier levels. Initially, he will focus on our key supplier relationships and value chain, along with a broader concern of driving business performance improvement.
 
Summary
 
Our commitment to providing our customers with the most secure and reliable smart grid foundation remains essential to our business. We will continue to invest in R&D, with a goal to provide more innovation to the smart grid and smart metering solutions offered by NES. We are dedicated to furthering the success of smart grid initiatives and we look forward to joining together with you to deliver valuable results and measurable improvements in safety, reliability, and efficiency. If I have not met you yet, I look forward to meeting all of our customers and partners in person, and most importantly, we look forward to continue providing products and services that exceed your expectations and help the industry with the evolution and innovation towards establishing a truly smart grid.
 

This paper provides smart grid security perspectives from a security expert involved in both attacking and defending these types of systems in practice. It is formatted as an interview, with questions and answers. The topics include smart grid threats, defensive approaches, and security certification perspectives. 

Security is getting a lot of attention in all sorts of industries. For utilities, what are the main types of threats they face related to smart meter systems (AMI), and the smart grid in general? 

There are three sets of threats that need to be addressed. There is the set of "old school" threats of fraud, theft and safety, which have long been a top concern for utilities. There is a newer and growing set of regulatory threats around non-compliance, such as the General Data Protection Regulation in Europe. Finally, there are the threats associated with the adoption, use and increasing reliance on information technology, such as cyberattacks that can prevent a utility from delivering its services. Some of these threats are similar to those of a traditional IT infrastructure, but their priorities and threat model usually differ significantly. For example, utilities use AMIs and smart grids to store, distribute, and manage energy using information technology. Therefore, they share many of the same assets and corresponding threats as other entities relying on information technology systems. There are three main types of threats I spend a lot of time thinking about while working on providing a safe and resilient platform for smart grids. 

  • Threats that disrupt or prevent utilities from delivering energy. Most of us rely on the availability of electricity to power heating systems, hospitals, communication systems, transportation systems, etc. Outages can have severe and even fatal consequences for us and our businesses. There are many threats that can result in outages; from nation-sponsored cyberattacks to software malfunction, operational mistakes and natural disasters. 


Fig. 1: Key considerations of a security system.

  • Threats originating from criminal organisations that monetise from a utility’s lack of security. Over the past years, we have seen a rapid increase in malware samples and attacks specifically targeting utilities managing AMIs and smart grids. “Smart” almost always means “vulnerable” which in turn means opportunity for cybercriminals. A common, and unfortunately effective, tactic is to demand a ransom in exchange for not damaging a utility's infiltrated systems and/or reputation. 
  • Threats that may compromise our privacy as utility customers. Utilities are responsible for handling and storing private information. This makes data leaks and unauthorised accesses to this data two of the main threats to privacy.

Of course, these are only part of the threat landscape that needs to be specifically mapped out by experts when conducting risk assessments for the specific grid at hand.  

AMI and the smart grid is an evolution that continues to change within the industry, how has security and protection evolved over time, and what are the expected changes that we will see in the future? 

Before AMIs and smart girds, the industry relied on physical security measures and obscurity to protect the power grid. Fences, door locks, guards, video surveillance, and the obscurity of physically-isolated proprietary control systems were often enough to manage the threats utilities were facing. In addition, incident response procedures were often wellestablished and fairly comprehensive.

The introduction of AMIs and smart grids, and thus information technology, changed everything and necessitated a new industry expertise: information security. However, although industry embraced the many operational and financial promises of AMIs and smart grids, information security expertise was severely lacking and properly securing these new and advanced systems became an afterthought at best. This resulted in fragile and insecure smart grid deployments developed from non-existent or misguided security recommendations.

We are only now seeing industry and nationleaders waking up to the “cyber” reality as devastating cyberattacks on utilities are publicly being disclosed. As a result, initiatives to establish nation-wide baseline security requirements and security certifications are in progress. Unfortunately, these initiatives may be too late in some cases and may even foster a compliancy-defined approach to security. We have learned from other industries that this is a harmful approach; an expert-driven risk-based approach to safe and resilient smart grids is the way forward.

Smart grids will continue to increase in complexity, and attacks will continue to increase in both sophistication and frequency. An adaptive and comprehensive approach to security is needed to keep up with this advancement and it starts with expertise, politics, and financial incentives. 

How should a utility approach ensure security of its systems? 

Utilities need to go beyond compliance, make information security an integral part of their core business and invest in it accordingly, focus not only on protective measures but in detection and incident response as well, conduct independent risk assessments on a regular basis with their technology vendors, and most importantly, obtain as much expert knowledge as possible in order to determine exactly how and precisely where to invest in security.

A misconception that I often hear is the assumption that the internet and the smart grid share identical system characteristics. In reality, smart grids differ greatly from the internet in terms of communication technologies, network reliability, smart meter/ server resources, and threat model.

A consequence of applying an internet-biased security mindset to the smart grid can result in degradation of performance forcing utilities to compromise on security in order to meet service-level agreements (SLAs). You must understand the technical differences in order to apply the appropriate security measures. There is no one-size-fits-all when it comes to securing these complex systems. 

There are various certifications used by utilities to ensure compliance to various standards and processes. How does certification factor into security solutions and implementations? 

One on side, certification provides a minimum baseline of practice and raises the bar for all. Certifications also provide transparency and accountability for security and compliance,and helps utilities demonstrate to regulators and legislators that they are doing their job. If security certification becomes part of regulation, then it also forces utilities to spend money on security. These are all positive and important factors of certification.

On the other side, however, security certifications can discourage utilities to go beyond compliance as there is little financial incentive to do so. Certification processes also have a long-standing reputation for being disruptive, cost ineffective, and providing superficial security assurances. Certification can also discourage new practices and technology adoption because of the need for re-certification. Finally, certifications are slow-moving which is in direct contrast to the fast-changing threat landscape that they hopelessly try to keep up with. That being said, I do believe a regulated security program can be beneficial to the industry if it is able to resolve the issues mentioned before, help hold utilities financially liable for securing the power grids that we all rely on, and to use it as a tool to foster a risk-based and comprehensive approach to security. 

What are the key areas needed to ensure a secure system? 

Utilities should continuously strive to maintain a safe and resilient system. To do so, three key areas need to be covered: protection, detection, and incident response.

Protection is about trying to prevent security breaches from happening in the first place. Encryption and authentication are two examples of preventative security measures designed to protect the confidentiality and integrity of information, respectively. There is one thing we have learned in the security industry – the highly skilled and focused attackers will always find a way to either break through or entirely circumvent the protective measures. This brings us to detection and incident response.

Detection is about detecting security breaches before, after, or as they are happening. It is important to have measures in place for monitoring both incoming and outgoing events. There are many attacks that go undetected once they have infiltrated the system.

Incident response is about being able to handle breaches of security in a timely and efficient manner. It relies on people, processes, and technology. During a crisis, it is essential to have an action plan in place to regain control of the situation as fast as possible. 

You mentioned that "comprehensive security" is the essential approach for utilities. What does this mean to you? 

 “Comprehensive security” is a loaded term. It means different things to different people. For me, basically, it means that your security goes through a continuous cycle of three stages:

  • Identify: Pinpointing areas of concern and prioritising them based on risk. This is also known as risk assessment. For a risk assessment to be considered comprehensive, keeping up to date with current threats is crucial.
  • Improve: Design and implementation of the security measures used to address the identified areas of concern.
  • Evaluate: Evaluating all of the security measures in practice. This needs to be done internally as well as by an expert third-party ensuring a fresh perspective. In relation to the previous question, it is worth noting that comprehensive security leads to compliancy.

Some industry experts state that utilities should conduct risk assessments to identify the areas of concern, what is involved in a risk assessment? 

The ultimate goal of a risk assessment is to answer the following question: where should we invest in security? To answers this question, utilities must first identify and prioritise their assets. Next, they need to enumerate all threats to the assets. Finally, they must assess and rank each threat according to the impact and likelihood of the threat. Based on the rankings, a decision can be made as to which risks need to be addressed. This is the classic approach. The hard part, as always, is hidden in the details.

Acknowledgement

A version of this paper was published in Smart Grids Polska, issue 16. Contact Emil Gurevitch, Networked Energy Services, emil.gurevitch@networkedenergy.com

View all NES News