US teams use AI to combat inverter hacking threat

U.S. researchers are building machine learning and autonomous systems that improve solar cyber security and will be tested at commercial facilities.

In November, the U.S. Department of Energy (DOE) selected four cyber security projects in its latest $128 million funding round for advanced solar research.

The funding comes as increasing connectivity and grid efficiency goals present operators with new cyber security challenges.

In March, solar power operator sPower suffered a series of intermittent denial-of-service attacks which caused its Cisco-supplied firewalls to collapse. The breach reportedly allowed data requests to flood the system, overload the network, and affect some 500 MW of operational solar capacity.

In a filing to the DOE, sPower logged the breach as a cyber event that "causes interruptions of electrical systems operations" and "could potentially impact electric power system adequacy." SPower began patching outdated devices and updating software, but a vulnerability had been revealed.

For some time, security experts have warned about a more sustained attack aimed at switching off large portions of the electricity grid.

In 2018, the U.S. Department of Homeland Security (DHS) said Russian hackers had gained access to the control rooms of U.S. electric utilities by first penetrating the networks of suppliers who had trusted relationships with the power companies.

In September 2017, cyber security firm Symantec said it believed a sophisticated cyber espionage group known as Dragonfly was behind a wave of cyber attacks on European and U.S. power generation companies. Power blackouts in Ukraine in December 2015 and 2016 were also blamed on electricity grid cyber attacks.

Vulnerability assessments and tighter employee access remain key to improving security at solar plants, but technological solutions are also on the horizon.

U.S. research teams are developing cutting-edge inverter software and hardware that can detect and mitigate the specific risks posed by solar plant infrastructure.

Detecting threats

Specific attributes of solar plants make them particularly vulnerable to cyber attack. Tests have shown that the hacking of inverter devices could compromise grid stability, prompting suppliers to update their technology.

“The primary risk is that the inverters or the grid-interconnect controller are compromised,” Alan Mantooth, Distinguished Professor and research leader of Electrical Engineering at the University of Arkansas, said. The university is leading a 'Multilevel Cybersecurity for Photovoltaic Systems,' research project, which aims to improve cybersecurity at inverter and system level.

Backed by $3.5 million of DOE funding and $1.1 million cost share, the University of Arkansas researchers aim to develop an inverter to address supply-chain security and real-time intrusions.

"The inverter would have detection and mitigation protocols built in, as a defense mechanism," Mantooth said.

The team will develop machine-learning algorithms that evaluate security at the inverter and system level.

Even the hardware architecture is being modified to work with these new algorithms, providing a "fail-safe" type of mode, Mantooth said.

"So, if someone were to penetrate the cyber security barriers, there are hardware measures in place that will stop anything really bad from happening," he said.

Once certified as fully grid compliant, the new inverter will be installed in an operational solar farm, in parallel to the existing inverter.

The team will then test the new inverter by trying to penetrate the system.

"That’s a massive undertaking, as this an active solar farm, providing real power to the grid," Mantooth said.

The DOE is also funding research in autonomous inverter controls that improve grid resilience, led by the University of Central Florida, and a project by the Texas A&M Engineering Experiment Station to develop a cyber security system based on the concept of ‘watermarking’, namely pushing a test signal into a grid in order to authenticate security measures.

Innovations in blockchain technology will also help improve cybersecurity, Mantooth noted.

Blockchain’s information transparency and decentralized nature makes it a useful cyber security weapon, as all members can record and view any data encrypted onto their block, helping to maintain data integrity, and offering wrongdoers no “hackable” entry point.

Cyber walls

At the start of this year, new U.S. federal regulation came into force requiring operators of plants over 75 MW to implement and maintain a properly configured firewall.

Approved by Federal Energy Regulatory Commission (FERC) in 2018, the Critical Infrastructure Protection (CIP) Reliability Standard requires solar generators to have their cyber security policies approved every 15 calendar months by an appointed CIP manager.

The regulation should help operators address security breaches, electronic access controls, physical security controls, incident responses, recovery plans, and employee training. However, firewalls can still be breached and companies must prepare accordingly, Jon Franzino, Director of Grid Security at Grid Subject Matter Experts (GridSME), said.

Misconfiguration of cyber security systems remains a key risk in the solar sector, Franzino said. Most control centre staff are not network security experts, he noted.

Operators should also restrict access to systems to only those who need it, as many users often do not require the level of access they have been given, Franzino said.

"It’s the simple stuff we need to do," he said.

Defence costs

Cyber security packages will slightly increase upfront costs for solar projects, but should not change the underlying architecture of the system, Mantooth said.

During operations, staff must be educated on how to respond to detection signals, and know when to allow autonomous solutions to handle the problem, he said.

Operators must place sufficient importance on cyber security implementation and management, as they are typically focused on maximizing uptime, Franzino said.

Since the SPower incident, owners are starting to view cyber security as another area of business risk management, Franzino said.

Cyber security risks should be treated as a “business problem, not a technical problem,” he said.

Reporting by Ed Pearcey

Editing by Robin Sayles