The Energy Biome – Understanding actors, interests, and interactions through the IoT/IIoT lens

The Energy grid faces several challenges through its many actors, interactions and the interfaces. A traditional grid provides energy services and although it is believed to be a centralized provider, it draws its resources from several other public and private suppliers. An example is well described in the NYC SIRR document ("A Stronger, More Resilient New York", 2013, pg. 108, 111).

Here’s a simplistic biome-like framework that I designed to help with that big picture.

It shows the different points in the day to day management of a typical grid, such as, the supply chain management, the safety and security control, the inventory system, and quality control. Within these four main areas lay hundreds of actions performed continuously by thousands of human and electromechanical capabilities. These actions have been learnt over the years through immense hard work, and trial and error, and documented to provide an almost seamless electricity supply to our daily needs.

Traditionally distributed control systems (DCS) helped with local administration and management, and supervisory control and data acquisition (SCADA) managed this across a geospatial area. These capabilities go as far as 1960’s and the software to support these systems have typically been proprietary and quite closed in their architecture. Distributed and remote data acquisition is nothing new to Energy grids.

Likewise, as the NYC SIRR report describes, distributed supply chain is also not a new phenomenon for energy grids. Internet of things merely takes these capabilities to another level, where now, DCS/SCADA systems use a combination of internet and the IT cloud services to acquire, store, and process their data. If we look at the diagram, the four vectors (Human, Internet, IoT, and Robots) depict four types of interactions modern energy grids are capable of. Four vectors mean four corners to watch out for potential threats to aspects inside the grid. DCS, SCADA, PLC and RTU systems (Slyke, 2015, pg. 9) can be fitted with small sensors that can now beam real-time data about the health of the systems to cloud-enabled monitoring and logging dashboards.

The four black arrows indicate the dark forces that could impact the efficient operations of the grids. When damaging forces such as cyberattacks and climate change cause destruction potentially including loss of lives, and if capital shocks and other resource scarcities such as lack of adequate human capital with technical know-how, squeeze the expectations, emphasis may be given to core or essential services that must keep the grid functioning to support life.

Given such a complex biome, it only makes sense to have a disaster recovery and business continuity plan that ensures seamless supply of electric services. Failure to do so could result in situations such as those described by NYC health data review after hurricane Sandy, “Failure or absence of emergency power systems required facilities to evacuate patients” ("New York City Healthcare Findings", 2013, pg. 12), and a matrix showing no backup or that the backup failed ("New York City Healthcare Findings", 2013, pg. 16). The report also shows how essential services such as emergency power, water and HVAC with a recovery need of less than a day could not be available ("New York City Healthcare Findings", 2013, pg. 20).

These four vectors could cause debilitating impact on the core functionality of the grid by disrupting demand or supply, taking over remote control, disabling key features such as logging and monitoring, sabotaging reactive, proactive, and predictive maintenance, thereby impacting response and recovery times. Malicious programs or bots in these distributed small internet of things could disarm the safety and security controls.

One famous example is the Stuxnet malware that infected PCs and aimed to damage the spinning rotors within the nuclear centrifuges with an intent to physically sabotage the reactors in Iran (Kushner, 2013). Securing grids therefore should be a collaborative effort from physical, electromechanical, electrical and socio-economic perspectives. Engineers and technicians become crucial to a successful safety and security strategy for an IIoT-based business and disaster recovery system for our energy grids. The key is to think beyond the traditional methods of looking at grids. Apply the Energy Biome model shown above to better understand the triad of actors, their interests, the interactions.

Author:

References

1. A Stronger, More Resilient New York. (2013). Retrieved from http://s-media.nyc.gov/agencies/sirr/SIRR_spreads_Lo_Res.pdf

2. About the Sustainable Development Goals - United Nations Sustainable Development. Retrieved from https://www.un.org/sustainabledevelopment/sustainable-development-goals/

3. Access to electricity. (2017). Retrieved from https://www.iea.org/energyaccess/database/

4. Aggarwal, V. (2018). Calculate Your Solar Panel Payback Period | EnergySage. Retrieved from https://news.energysage.com/understanding-your-solar-panel-payback-period/

5. Brussels, 12.12.2006 COM(2006) 786 final. (2006). Retrieved from https://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0786:FIN:EN:PDF

6. Cost of Downtime. (2018). Retrieved from https://www.duke-energy.com/one/ _/media/pdfs/one-microsite/bd-cost-of-downtime.pdf

7. COUNCIL DIRECTIVE 2008/114/EC. (2008). Retrieved from https://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF

8. Countries with the highest number of internet users. (2018). Retrieved from https://www- statista-com.ezp-prod1.hul.harvard.edu/statistics/262966/number-of-internet-users-in- selected-countries/

9. Cuomo: Sandy cost NY, NYC $32B in damage and loss. (2012). Retrieved from

10. https://www-politico-com.ezp-prod1.hul.harvard.edu/story/2012/11/cuomo-sandy-cost-ny-nyc-32b-in-damage-and-loss-084256

11. Cybersecurity, Energy Security, and Emergency Response. Retrieved from https://www.energy.gov/ceser/office-cybersecurity-energy-security-and-emergency- response

12. Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S., & Combs, B. (1978). How Safe Is Safe Enough? A Psychometric Study of Attitudes Towards Technological Risks and Benefits. Retrieved from http://www.jstor.org.ezp- prod1.hul.harvard.edu/stable/4531720

13. Fowler, J. (2017). Women must be central in disaster prevention - UNISDR. Retrieved from https://www.unisdr.org/archive/53458

14. Framework for Improving Critical Infrastructure Cybersecurity Version 1.0. (2014).

15. Retrieved from https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

16. Hedvig, N., & Giulio, C. (2018). The JRC Statistical Audit of the Social Progress Index (SPI) - EU Science Hub - European Commission. Retrieved from https://ec.europa.eu/jrc/en/publication/jrc-statistical-audit-social-progress-index-spi

17. Incident Response/Vulnerability Coordination. (2014). Retrieved from https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf

18. Introduction to NISTIR 7628. (2010). Retrieved from https://www.nist.gov/sites/default/files/documents/smartgrid/nistir-7628_total.pdf

19. Karagiannis, G., Chondrogiannis, S., Krausmann, E., & Turksezer, Z. (2017). Power grid

20. recovery after natural hazard impact. Retrieved from http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108842/jrc108842kjna28844enn.pdf

21. Kasperson, R., Renn, O., Slovic, P., Brown, H., Emel, J., & Goble, R. et al. (1998). The

22. Social Amplification of Risk: A Conceptual Framework. Retrieved from https://onlinelibrary-wiley-com.ezp- prod1.hul.harvard.edu/doi/abs/10.1111/j.1539-6924.1988.tb01168.x

23. Kushner, D. (2013). The Real Story of Stuxnet. Retrieved from https://spectrum-ieee-org.ezp-prod1.hul.harvard.edu/telecom/security/the-real-story-of-stuxnet

24. Lewiner, C. (2017). World Energy Markets Observatory. Retrieved from

25. https://www.theenergytimes.com/sites/theenergytimes.com/files/Capgemini_World_Energy_Markets_Observatory_Report_2017.pdf

26. Marcus, K. (2018). Rise of the Energy Prosumer. Retrieved from https://www.energycentral.com/c/gn/rise-energy-prosumer

27. New York City Healthcare Findings. (2013). Retrieved from https://www.health.ny.gov/facilities/public_health_and_health_planning_council/meetings/2013-06-27/docs/sirr_healthcare.pdf

28. Newman, J. (2018). The Myth of Free. Retrieved from https://www.gwlr.org/wp- content/uploads/2018/06/86-Geo.-Wash.-L.-Rev.-513.pdf

29. Obama, B. (2012). Remarks by the President at a Campaign Event in Roanoke, Virginia. Retrieved from https://obamawhitehouse.archives.gov/the-press- office/2012/07/13/remarks-president-campaign-event-roanoke-virginia

30. Rifkin, J. (2015). The zero marginal cost society (1st ed.). New York, N.Y.: St. Martin's Griffin.

31. Sandy Impacts Final Report Ch 1. (2013). Retrieved from http://www.nyc.gov/html/sirr/downloads/pdf/final_report/Ch_1 _SandyImpacts_FINAL_singles.pdf

32. Schipper, E., Thomalla, F., Vulturius, G., Johnson, K., & Klein, R. (2015). Climate change

33. and Disaster Risk Reduction - UNISDR. Retrieved from https://www.unisdr.org/we/inform/publications/49565

34. Sendai Framework for Disaster Risk Reduction 2015 - 2030. (2015). Retrieved from https://www.unisdr.org/files/43291_sendaiframeworkfordrren.pdf

35. Slyke, D. (2015). The Heart of an Energy Management System. Retrieved from

36. http://sites.ieee.org.ezp-prod1.hul.harvard.edu/sas- pesias/files/2016/03/SCADA_20150316_Slides.pdf

37. Small retailers transact $19 trillion in cash annually. (2016). Retrieved from http://www.worldbank.org.ezp-prod1.hul.harvard.edu/en/news/press- release/2016/06/27/small-retailers-transact-19-trillion-in-cash-annually-new-world- economic-forum-and-world-bank-group-study-shows

38. Superstorm Sandy | Google Crisis Map. (2012). Retrieved from http://google.org/crisismap/2012-sandy

39. The Cost of Malicious Cyber Activity to the U.S. Economy. (2018). Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious- Cyber-Activity-to-the-U.S.-Economy.pdf

40. Tse, T., & Esposito, M. (2017). Understanding How the Future Unfolds. Middletown, DE: Lioncrest Publishing.

41. UNESCO Gender and Science. Retrieved from http://www.unesco.org/new/en/natural- sciences/priority-areas/gender-and-science/cross-cutting-issues/gender-equality-and- disaster-risk-reduction/facts-and-figures/

42. Utilizing Island Hopping in Targeted Attacks - Security News - Trend Micro USA. (2014). Retrieved from https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and- digital-threats/utilizing-island-hopping-in-targeted-attacks

43. Weed, S. (2017). US Policy Response to Cyber Attack on SCADA Systems Supporting Critical National Infrastructure. Retrieved from https://media.defense.gov/2017/Nov/20/2001846609/-1/-1/0/CPP0007 _WEED_SCADA.PDF