The Energy Biome – Understanding actors, interests, and interactions through the IoT/IIoT lens
The Energy grid faces several challenges through its many actors, interactions and the interfaces. A traditional grid provides energy services and although it is believed to be a centralized provider, it draws its resources from several other public and private suppliers. An example is well described in the NYC SIRR document ("A Stronger, More Resilient New York", 2013, pg. 108, 111).
Here’s a simplistic biome-like framework that I designed to help with that big picture.
It shows the different points in the day to day management of a typical grid, such as, the supply chain management, the safety and security control, the inventory system, and quality control. Within these four main areas lay hundreds of actions performed continuously by thousands of human and electromechanical capabilities. These actions have been learnt over the years through immense hard work, and trial and error, and documented to provide an almost seamless electricity supply to our daily needs.
Traditionally distributed control systems (DCS) helped with local administration and management, and supervisory control and data acquisition (SCADA) managed this across a geospatial area. These capabilities go as far as 1960’s and the software to support these systems have typically been proprietary and quite closed in their architecture. Distributed and remote data acquisition is nothing new to Energy grids.
Likewise, as the NYC SIRR report describes, distributed supply chain is also not a new phenomenon for energy grids. Internet of things merely takes these capabilities to another level, where now, DCS/SCADA systems use a combination of internet and the IT cloud services to acquire, store, and process their data. If we look at the diagram, the four vectors (Human, Internet, IoT, and Robots) depict four types of interactions modern energy grids are capable of. Four vectors mean four corners to watch out for potential threats to aspects inside the grid. DCS, SCADA, PLC and RTU systems (Slyke, 2015, pg. 9) can be fitted with small sensors that can now beam real-time data about the health of the systems to cloud-enabled monitoring and logging dashboards.
The four black arrows indicate the dark forces that could impact the efficient operations of the grids. When damaging forces such as cyberattacks and climate change cause destruction potentially including loss of lives, and if capital shocks and other resource scarcities such as lack of adequate human capital with technical know-how, squeeze the expectations, emphasis may be given to core or essential services that must keep the grid functioning to support life.
Given such a complex biome, it only makes sense to have a disaster recovery and business continuity plan that ensures seamless supply of electric services. Failure to do so could result in situations such as those described by NYC health data review after hurricane Sandy, “Failure or absence of emergency power systems required facilities to evacuate patients” ("New York City Healthcare Findings", 2013, pg. 12), and a matrix showing no backup or that the backup failed ("New York City Healthcare Findings", 2013, pg. 16). The report also shows how essential services such as emergency power, water and HVAC with a recovery need of less than a day could not be available ("New York City Healthcare Findings", 2013, pg. 20).
These four vectors could cause debilitating impact on the core functionality of the grid by disrupting demand or supply, taking over remote control, disabling key features such as logging and monitoring, sabotaging reactive, proactive, and predictive maintenance, thereby impacting response and recovery times. Malicious programs or bots in these distributed small internet of things could disarm the safety and security controls.
One famous example is the Stuxnet malware that infected PCs and aimed to damage the spinning rotors within the nuclear centrifuges with an intent to physically sabotage the reactors in Iran (Kushner, 2013). Securing grids therefore should be a collaborative effort from physical, electromechanical, electrical and socio-economic perspectives. Engineers and technicians become crucial to a successful safety and security strategy for an IIoT-based business and disaster recovery system for our energy grids. The key is to think beyond the traditional methods of looking at grids. Apply the Energy Biome model shown above to better understand the triad of actors, their interests, the interactions.
A Stronger, More Resilient New York. (2013). Retrieved from http://s-media.nyc.gov/agencies/sirr/SIRR_spreads_Lo_Res.pdf
About the Sustainable Development Goals - United Nations Sustainable Development. Retrieved from https://www.un.org/sustainabledevelopment/sustainable-development-goals/
Access to electricity. (2017). Retrieved from https://www.iea.org/energyaccess/database/
Aggarwal, V. (2018). Calculate Your Solar Panel Payback Period | EnergySage. Retrieved from https://news.energysage.com/understanding-your-solar-panel-payback-period/
Brussels, 12.12.2006 COM(2006) 786 final. (2006). Retrieved from https://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2006:0786:FIN:EN:PDF
Cost of Downtime. (2018). Retrieved from https://www.duke-energy.com/one/ _/media/pdfs/one-microsite/bd-cost-of-downtime.pdf
COUNCIL DIRECTIVE 2008/114/EC. (2008). Retrieved from https://eur- lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF
Countries with the highest number of internet users. (2018). Retrieved from https://www- statista-com.ezp-prod1.hul.harvard.edu/statistics/262966/number-of-internet-users-in- selected-countries/
Cuomo: Sandy cost NY, NYC $32B in damage and loss. (2012). Retrieved from
Cybersecurity, Energy Security, and Emergency Response. Retrieved from https://www.energy.gov/ceser/office-cybersecurity-energy-security-and-emergency- response
Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S., & Combs, B. (1978). How Safe Is Safe Enough? A Psychometric Study of Attitudes Towards Technological Risks and Benefits. Retrieved from http://www.jstor.org.ezp- prod1.hul.harvard.edu/stable/4531720
Fowler, J. (2017). Women must be central in disaster prevention - UNISDR. Retrieved from https://www.unisdr.org/archive/53458
Framework for Improving Critical Infrastructure Cybersecurity Version 1.0. (2014).
Retrieved from https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf
Hedvig, N., & Giulio, C. (2018). The JRC Statistical Audit of the Social Progress Index (SPI) - EU Science Hub - European Commission. Retrieved from https://ec.europa.eu/jrc/en/publication/jrc-statistical-audit-social-progress-index-spi
Incident Response/Vulnerability Coordination. (2014). Retrieved from https://ics-cert.us-cert.gov/sites/default/files/Monitors/ICS-CERT_Monitor_Sep2014-Feb2015.pdf
Introduction to NISTIR 7628. (2010). Retrieved from https://www.nist.gov/sites/default/files/documents/smartgrid/nistir-7628_total.pdf
Karagiannis, G., Chondrogiannis, S., Krausmann, E., & Turksezer, Z. (2017). Power grid
recovery after natural hazard impact. Retrieved from http://publications.jrc.ec.europa.eu/repository/bitstream/JRC108842/jrc108842kjna28844enn.pdf
Kasperson, R., Renn, O., Slovic, P., Brown, H., Emel, J., & Goble, R. et al. (1998). The
Social Amplification of Risk: A Conceptual Framework. Retrieved from https://onlinelibrary-wiley-com.ezp- prod1.hul.harvard.edu/doi/abs/10.1111/j.1539-6924.1988.tb01168.x
Kushner, D. (2013). The Real Story of Stuxnet. Retrieved from https://spectrum-ieee-org.ezp-prod1.hul.harvard.edu/telecom/security/the-real-story-of-stuxnet
Lewiner, C. (2017). World Energy Markets Observatory. Retrieved from
Marcus, K. (2018). Rise of the Energy Prosumer. Retrieved from https://www.energycentral.com/c/gn/rise-energy-prosumer
New York City Healthcare Findings. (2013). Retrieved from https://www.health.ny.gov/facilities/public_health_and_health_planning_council/meetings/2013-06-27/docs/sirr_healthcare.pdf
Newman, J. (2018). The Myth of Free. Retrieved from https://www.gwlr.org/wp- content/uploads/2018/06/86-Geo.-Wash.-L.-Rev.-513.pdf
Obama, B. (2012). Remarks by the President at a Campaign Event in Roanoke, Virginia. Retrieved from https://obamawhitehouse.archives.gov/the-press- office/2012/07/13/remarks-president-campaign-event-roanoke-virginia
Rifkin, J. (2015). The zero marginal cost society (1st ed.). New York, N.Y.: St. Martin's Griffin.
Sandy Impacts Final Report Ch 1. (2013). Retrieved from http://www.nyc.gov/html/sirr/downloads/pdf/final_report/Ch_1 _SandyImpacts_FINAL_singles.pdf
Schipper, E., Thomalla, F., Vulturius, G., Johnson, K., & Klein, R. (2015). Climate change
and Disaster Risk Reduction - UNISDR. Retrieved from https://www.unisdr.org/we/inform/publications/49565
Sendai Framework for Disaster Risk Reduction 2015 - 2030. (2015). Retrieved from https://www.unisdr.org/files/43291_sendaiframeworkfordrren.pdf
Slyke, D. (2015). The Heart of an Energy Management System. Retrieved from
Small retailers transact $19 trillion in cash annually. (2016). Retrieved from http://www.worldbank.org.ezp-prod1.hul.harvard.edu/en/news/press- release/2016/06/27/small-retailers-transact-19-trillion-in-cash-annually-new-world- economic-forum-and-world-bank-group-study-shows
Superstorm Sandy | Google Crisis Map. (2012). Retrieved from http://google.org/crisismap/2012-sandy
The Cost of Malicious Cyber Activity to the U.S. Economy. (2018). Retrieved from https://www.whitehouse.gov/wp-content/uploads/2018/03/The-Cost-of-Malicious- Cyber-Activity-to-the-U.S.-Economy.pdf
Tse, T., & Esposito, M. (2017). Understanding How the Future Unfolds. Middletown, DE: Lioncrest Publishing.
UNESCO Gender and Science. Retrieved from http://www.unesco.org/new/en/natural- sciences/priority-areas/gender-and-science/cross-cutting-issues/gender-equality-and- disaster-risk-reduction/facts-and-figures/
Utilizing Island Hopping in Targeted Attacks - Security News - Trend Micro USA. (2014). Retrieved from https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and- digital-threats/utilizing-island-hopping-in-targeted-attacks
Weed, S. (2017). US Policy Response to Cyber Attack on SCADA Systems Supporting Critical National Infrastructure. Retrieved from https://media.defense.gov/2017/Nov/20/2001846609/-1/-1/0/CPP0007 _WEED_SCADA.PDF