National cybersecurity group pushes electric utilities to step up their identity security game

by Rod Walton, Senior Editor

Electric utilities must and can now find ways to tighten up their networked controls over power generation, distribution and transmission, a government group focused on cybersecurity reported on August 25th.

The National Cybersecurity Center of Excellence has released a practice guide on “Identity and Access Management (idAM)” tools and solutions available for security engineers. It offers what the NCCEE says are ways for utilities to implement a centralized idAM platform which identifies all the system’s users involved in all the company’s control systems.

“Our conversation with utility company employees confirmed that current (idAM) implementations are often decentralized and controlled by numerous departments within a company,” the NCCEE executive summary reads. “Several negative outcomes can result from this: An increased risk of attack and service disruption, inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets.”

The challenge is greater now while the utility industry is trying to enhance older grid infrastructure in response to emerging technologies and new devices, according to the report.

The NCCEE is a part of the U.S. Department of Commerce’s National Institute of Standards and Technology. The report says that these solutions are commercially available to utilities and also released a lengthy “how-to” guide.

“Electric utilities need the ability to provide the right person with the right degree of access to the right resources at the right time, and quickly,” the summary reads.

The NCCEE says the guide does not mean it is endorsing any or all of the commercially available products. It also asked those engineers and other implementers to participate in a forum and contribute feedback to the findings.

For more information on the report, go to https://nccoe.nist.gov/ and see the new energy practice guide.

 

Utilities/partners approved for New York REV Demos

Consolidated Edison, National Grid, Iberdrola and Central Hudson were among the power utilities included when New York’s State Department of Public Service selected demonstration projects for Gov. Andrew Cuomo’s Reforming the Energy Vision (REV) strategy. The companies will work in partnerships to develop clean energy projects.

“These demonstration projects represent, collectively, important first steps in how utilities will develop new business models to improve the customer experience in New York,” said Department CEO Audrey Zibelman. “They further Governor Cuomo’s REV strategy by supporting clean-energy innovation and investment, and they will provide customers, including low-income customers, with opportunities to gain greater control over their energy use and reduce power bills. As a result of these projects, utilities will be positioned to operate more efficiently through better integration of distributed resources, working with third parties in new kinds of business relationships.”

The partnerships and projects include:

Retroficiency and Con Edison – Building Efficiency Marketplace.

Simple Energy and Orange and Rockland – Customer Engagement and Marketplace Platform.

Smarter Grid Solutions and Iberdrola – Flexible Interconnect Solution.

SunPower, Sunverge and Con Edison – Clean Virtual Power Plant.

Central Hudson – Central-E.

Iberdrola – Community Energy Coordination.

National Grid – Neighborhood Solar.

While the traditional utility business model is based on spending electric consumer dollars and earning a regulated rate of return, these projects include private investment from third-party partners and are intended to demonstrate how new revenue streams can be created from the market, rather than from the traditional rate base, according to the New York Department of Public Service.

© BIG Stock / dellm60

 

Cybersecurity Summit offers NERC Compliance Strategies for the 21st Century

by Michael G. Albrecht

In an age of international geopolitical computer hacking, compliance with high stakes, evolving North American Electric Reliability Corporation (NERC) cybersecurity regulations, including new Critical Infrastructure Protection (CIP) Version 5 standards due in April 2016, are a priority in utility strategic planning.

Traditional analog utility infrastructure is now intimately tied to constantly evolving IP-based digital hardware and software, which means that compliance with regulations does not necessarily equate to security, said Chris Humphreys, CEO and director of The Anfield Group and former NERC-certified auditor.

“Regulations usually lag behind technology,” Humphreys said. “I advise clients, don’t do NERC, do NIST (National Institute of Standards and Technology). When you implement NIST 800-series guidelines and apply governance, risk and compliance (GRC) best practices in a methodical way, anchored by configuration management tools, then as a natural by-product you’ll be ready for NERC.”

Rapidly evolving electric industry ecosystems, configuration management vendors and NIST guidelines are often ahead of NERC compliance standards, he said.

These and other recommended NERC regulatory compliance strategies were explored at Anfield Group’s annual Technologies for Security and Compliance Summit in early August in Austin, Texas.

Grid-related companies NovaTech, RedSeal Networks, Tripwire, SAP Greenlight, Quantum Technology Services and SparkCognition showcased their products and strategies at the event, and a presentation by Matt Mereness, ERCOT’s compliance director and Edward Valdez of EcoTech Ventures’ chief strategy office, provided compelling, battle hardened commentaries.

The summit conveyed a sense of optimism that help is available to utility stakeholders grappling with demanding, even dreaded, cybersecurity compliance audits. It also informed attendees of the huge benefits organizational culture change can bring to the audit process.

Cultural change efforts that break down or at least open windows in the organizational silos must be set in place at the utility’s executive level, summit participants told the audience. Participants explained how automated configuration change management tools can map detailed network activity to specific security compliance standards. They said manual record keeping belongs to another time and place and that searching for lost documentation with an auditor waiting in the lobby never has to occur again.

Simply purchasing and installing configuration management software does not ensure organizational change, network integrity or compliance success, Humphreys said.

“If the IT side decides to make a network configuration change, say to open an FTP port on a server, without consulting with business or operations, time and money will be wasted when ops reports that the change conflicts with NERC regs,” he said.

© BIG Stock / mkabakov

Kenneth McIntyre, executive vice president of The Anfield Group and former ERCOT vice president for grid planning and operations, reinforced the message that utilities can reduce compliance pain and smoothly prepare for NERC audits by employing a calm, methodical approach to share information across the utility’s business, information technology and operations silos.

Rather than approaching federal compliance audits under the cloud of an “us vs. them witch hunt” mentality, compliance and true grid security can be realized by building over time the methodical, daily application of well-documented internal control best practices, interdepartmental communication and process ownership linked to configuration software tools, McIntyre said.

To illustrate the benefits of configuration management tools to the open organization, the summit highlighted several platforms that allow utilities to automatically generate comprehensive topological maps that itemize not only all network devices but also drill deep into the network to itemize existing software, version numbers, communication protocols, server ports and IP addresses.

A key benefit of these configuration tools is they map detailed network elements to NERC compliance standards and effectively build the Reliability Standard Audit Worksheets (RSAWs).

On a broader look at the compliance landscape, Humphreys described a new spirit of security collaboration that exists between industry and regulators who share the common goal of national grid security.

“NERC is moving from policeman to a partner,” Humphreys said.

This is not say that noncompliance is not cited and fines assessed, but in their evaluations NERC auditors take into consideration demonstrated efforts by the utility to justify and provide documented evidence of internal controls and change management processes-names, dates, reasoning, scenario testing, risk assessment and evaluation, and process ownership. Information exchange and collaboration between industry and regulators moves the audit process in a more productive direction for all parties, he said.

The summit concluded with a look at new seismic detection technology for physical infrastructure surveillance and protection by Quantum Technologies, and a presentation by SparkCognition describing their artificial intelligence (AI) neural networking tools being applied in the electric utility space to automate and streamline risk assessments and evaluations.

More than 50 mostly generation and transmission industry personnel attended The Anfield Group’s Technologies for Security and Compliance Summit, the fourth in a series of annual cybersecurity summits organized by the security and reliability consulting firm. Contact the firm at [email protected] or at 512-687-6224.

---

Michael G. Albrecht is a freelance smart grid writer and public speaker with his Evolving Electric Grid presentation. He is also a writer-researcher for CMG Consulting LLC. His works have been published in Utility Analytics, Renewable Energy World, and Smart Grid Insights.Reach him at [email protected].

 

Champion Energy, AEP head up J.D. Power retail study of competitive electric providers

By Corina Rivera Linares, Chief Analyst, TransmissionHub

Fewer customers are actively shopping for electricity, so utilities in competitive markets need to improve their focus on the customer experience beyond pricing, according to the J.D. Power 2015 Retail Electric Provider Residential Customer Satisfaction Study released in mid-August.

The study looked at 86 providers in nine states. It looked at five key factors: price; communications; corporate citizenship; enrollment/renewal; and customer service; an additional factor, billing and payment. was measured in Texas.

Champion Energy Services ranked highest both in Texas and nationwide with a score of 766, just ahead of Green Mountain Energy and Bounce Energy, at 754 and 752 points, respectively, in the same state.

AEP ranked highest in Illinois with a score of 724 points, while Liberty Power and Nordic Energy finished just behind AEP in the state. Utilities were scored on a 1,000-point scale.

Overall, the J.D. Power study indicated that improving the customer experience generates high levels of retention and even advocacy. The study found that 57 percent of highly satisfied retail customers (those who gave scores of 900 or higher) said they “definitely will” renew their contracts, while only 23 percent of customers said they planned to switch from their local distribution company in the next three months.

“Energy providers are challenged by a rapidly evolving energy marketplace and fewer customers are shopping for an alternative electricity supplier,” said Jeff Conklin, senior director of the energy practice at J.D. Power. “In this environment, it is even more vital to differentiate the customer experience on something other than price to increase retention and improve market share.”

© Can Stock Photo Inc. / Wavebreak Media Ltd

Retail electric provider study rankings by state, aside from Illinois and Texas are:

Connecticut: Ambit Energy ranks highest in Connecticut with a score of 689 and performs particularly well in the price and enrollment/renewal factors. Connecticut Gas & Electric (657) and ConEdison Solutions (645) follow Ambit Energy in the rankings.

Maryland: Maryland is not ranked this year due to insufficient sample.

Massachusetts: Viridian Energy ranks highest in Massachusetts with a score of 682 and performs particularly well in the customer service factor. Massachusetts Gas & Electric (637) and Direct Energy (626) follow in the rankings.

New Jersey: New Jersey Gas & Electric ranks highest in New Jersey with a score of 657 and performs particularly well in the communications factor. Ambit Energy (656) and North American Power (655) follow in the rankings.

New York: Green Mountain Energy ranks highest in New York with a score of 684 and performs particularly well in the communications, corporate citizenship and customer service factors. Agway Energy (665) and NOCO Electric (650) follow Green Mountain Energy in the rankings.

Ohio: IGS Energy ranks highest in Ohio with a score of 642 and performs particularly well in the price and customer service factors. Direct Energy (637) ranks second, followed by DPL Energy Resources and DP&L Energy (629.

Pennsylvania: ConEdison Solutions ranks highest in Pennsylvania with a score of 698 and performs particularly well in the price factor. Ambit Energy (695) and AEP Energy (688) follow ConEdison Solutions in the rankings, performing above the Pennsylvania average (664).

Texas had the highest statewide customer satisfaction average of 715 points.

The 2015 Retail Electric Provider Residential Customer Satisfaction Study is based on responses from 21,744 electric retail residential customers of the 86 ranked retail electric providers in nine states regarding their experiences with their retail electric provider. Online interviews were conducted August 2014 through June 2015.

 

Entergy makes transmission investments in Louisiana, other states

Entergy continues to make productive investments in transmission, Entergy Chairman and CEO Leo Denault said on Aug. 4 during the company’s 2Q15 earnings conference call.

“In April, we announced that in the fourth quarter of 2015, Entergy Arkansas will begin constructing a new, about $62 million transmission line from Monticello to Reed,” he said, adding that the project will include expanded electrical facilities, including a new substation in Reed to move power more reliably and efficiently into the region.

As TransmissionHub reported, the project involves building the new 24-mile line, crossing parts of Drew and Desha counties, and expanded electrical facilities, including the new substation in Reed. The proposed route includes a transmission line segment to the Monticello Industrial Park where the company plans to build a new distribution substation to serve industrial and commercial customers who locate there, the company’s April 6 statement added.

Also in April, Denault said during the Aug. 4 call, Entergy Louisiana filed for certification of an about $57 million transmission line in southeast Louisiana, with an in-service date of December 2018.

“This project is expected to lead to $515 million in savings to Louisiana customers over its first 20 years, which will be realized through a lower fuel adjustment clause,” he said.

An Entergy spokesperson told TransmissionHub on Aug. 4 that the Louisiana Economic Transmission Project (LETP) is a portfolio of four transmission projects designed to cost-effectively reduce congestion in the Baton Rouge industrial corridor and to increase the amount of economic power that can flow into the Amite South region.

The spokesperson noted that the LETP is subject to regulatory approval and consists of four individual projects:

1. The Richardson to Iberville Line includes the construction of a new substation at Richardson, and about 11 miles of new 230-kV line from the new Richardson substation to the existing Iberville substation in Plaquemine, La. Construction of the Richardson to Iberville component is projected to begin with the Richardson substation in August 2016, and will be followed by construction of the new 230-kV line from Richardson to Iberville. Both have a projected in-service date of December 2018
2. The Bagatelle to Sorrento cut-in to Panama 230-kV substation project would turn the existing Bagatelle-Sorrento 230-kV line into and out of the Panama 230-kV substation. Construction is to begin in January 2017, and the project has an in-service date of December 2018
3. The upgrade of the Line Bay Bus at the Romeville substation project includes upgrading the line bay bus to allow the flow limit on the Wilton-Romeville bus to increase. Construction is to begin in February 2017, and the project has an in-service date of December 2017
4. A second 500/230-kV 1186 MVA autotransformer at the Coly substation project would add three single-phase auto-transformer banks that duplicate the existing 1186 MVA 500/230-kV auto-transformer at the Coly substation. Construction will begin next December; and the project has an in-service date of June 2018.

 

EYE ON the world

Navigant: Global demand response spending will top $6 billion through 2024

Utility system operators, seeking reliability on the evolving power grid, are expected to spend about $6.2 billion globally on demand response (DR) programs from 2015-2014, according to a recent report from Navigant Research.

The report, “Demand Response Enabling Technologies,” determined that advanced technologies such as automated demand response (ADR) will help operators deal with the changing energy landscape. DR programs can speed up and help smooth out the transition from traditionally centralized power plants to distributed energy resources, proponents say.

“For years, utilities have had to rely on operators of different sites to manually turn off equipment or run programs that gave customers little choice in how they participated,” Brett Feldman, senior research analyst with Navigant Research, said in a news release announcing the report’s findings. “Customers today expect more help from technology and are calling for more flexibility from utilities, and advancements in DR and ADR can help meet those demands.”

Navigant noted that the impact of outages from Hurricane Sandy three years ago has pushed utilities, governments and business toward solutions that keep the electric grid going even in the face of natural disasters. Those efforts provide a “great opportunity” for grid operators to use strategies such as DR to help lessen risks from weather-related outages.

“Demand Response Enabling Technologies” analyzed the global DR market and focused on three main categories: metering, communications and controls. Global market forecasts for DR sites and spending are segmented by applications (including residential, commercial, industrial,) and by region. An executive summary of the report is available for free download at www.navigantresearch.com.

 

South America spending nearly $4 billion to improve power grid

Brazil leads the way as South American utilities plan to invest more than $38 billion in modernizing the continent’s power infrastructure over the next 10 years, according to a new study published in August by Northeast Group LLC.

Utilities in the region see smart metering as the best answer for pervasive electricity theft, poor reliability and operational inefficiencies. About 9 percent of South America’s electricity is stolen, with theft rates in some service territories spiking to more than 30 percent.

Brazilian utilities have announced plans to invest $25.6 billion over the next 10 years, including deployment of more than 3 million smart meters.

“Brazil is by far the largest market in the region for smart grid investment,” said Ben Gardner, president of Northeast Group. “Beyond Brazil, countries such as Colombia, Ecuador, Chile and Argentina are serious about grid modernization and planning significant investment.”

© Can Stock Photo Inc. / Spectral-Design

South America will spend about $22.6 billion in smart metering, $7.2 billion in distribution automation and $8.3 billion in other smart-grid segments from now until 2025, Gardner added.

Vendors view South America as one of the next key battlegrounds for winning major contracts. International players such as ABB, Aclara, Alstom, Elster, GE, Iskraemeco, Itron, Kamstrup, Landis+Gyr, Schneider, S&C, SEL, Sensus, Siemens, Silver Spring Networks, Trilliant and Ziv are all well positioned in the market. Several local vendors are also competitive such as Weg, ELO, Nansen, CAM and others.

South America is emerging as a key geography for Chinese vendors hoping to steal market share from the European and North America vendors. Recently, Hexing acquired Eletra Energia to boost its position in Brazil and Wasion has announced smart meter projects in Brazil. Other Chinese vendors will be looking for similar deals.

 

India building momentum on “Seven Horses of Energy” transformation

A new report by the Institute for Energy Economics and Financial Analysis (IEEFA) indicates that India already is making progress on long-term plans to increase its renewable energy installation by 175 gigawatts and spend $50 billion on modernization of the electricity grid in less than a decade.

The report, “India’s Electricity-Sector Transformation,” cites Prime Minister Narenda Modi’s call for “Seven Horses of Energy” to diversify the nation’s supply beyond coal, hydro, nuclear and gas.

© Can Stock Photo Inc. / Creative Endeavo

The report estimated a 60 percent, or 500 terawatt hours, increase in electricity demand up to the year 2022. Solar installation totaling close to 75 gigawatts could deliver 110 terawatt hours, or 22 percent of the demand rise, according to the IEEFA, while efficiency at thermal coal-fired plants also will hopefully drive down energy loss.

“For such a transformation to come about, efficiency will be key-efficiency of coal production and delivery of targets; efficiency in railway dispatches by lifting freight-utilization rates with measures such as washing coal to lower tonnage required to be moved; grid-efficiency gains to lower the highest AT&C grid-loss rates in the world (26 percent); operating efficiency to drive the Discoms (Indian plants) from their current unsustainable operating-loss position so that power purchase agreements have bankability and cash-flow security; energy efficiency to lower the ratio between electricity demand growth and economic growth; raising coal-fired power plant thermal efficiency to lower the tonnage of coal required per kilowatt hour of electricity produced; carbon efficiency to lower the electricity sector’s emissions intensity through better emissions standards and a greater reliance on low carbon alternatives such as wind, solar and hydro electricity; and finally, financial-market efficiency to drive down the cost of capital and increase access to capital,” the IEEFA report reads.