Navigant Research Blog

New Cyberweapons Heighten Grid Concerns

— July 6, 2017

The threat level against grid assets and Internet of Things (IoT) devices keeps rising—or at least we are witnessing a heightened sense of potential disasters. The latest eye opening news was the revelation, or perhaps better put, the confirmation that Russia has developed a cyberweapon that can disrupt power grids—which is not all that surprising considering the suspicious blackout reported last year against the grid in Ukraine.

CrashOveride

Researchers say the Russian malware—known as CrashOveride—is a cyberweapon that could be modified and then deployed against the US electrical grid or the grids of other Russian adversaries. One cybersecurity expert called the latest news a game-changer, while another expert says the latest information connects to an ongoing Russian effort that at one point targeted US industrial control systems in 2014.

The potential threat to the US grid has reached the highest levels of the government. President Trump met recently with leaders from the energy sector and experts in the field of cybersecurity to address the issue and to reiterate his plea for improving the cooperative work between the public and private sectors to protect critical infrastructure like the grid. The meeting followed the president’s May executive order, which in part called for an assessment of how prepared the country is should a significant cyber attack cause prolonged power outages.

Little Known Nuclear Site Intrusion

While the Russian cyberweapon story captured headlines, a lesser known threat against US nuclear power generation sites has surfaced. Officials are investigating a cyber intrusion affecting several nuclear power sites, according to E&E News. Details are few, but officials have confirmed they are unpacking a secretive cyber event code-named Nuclear 17. There is no evidence nuclear energy assets were compromised, but such a cybersecurity breach at closely guarded nuclear reactors would appear to indicate an escalation of hackers’ abilities to probe such sensitive infrastructure.

In the IoT world, no new major attacks have been reported, but the threat against connected devices remains relatively high. One noted expert believes the situation is worse than most people think. We are “one disaster away from government doing something,” says Bruce Schneier, CTO of IBM Resilient, a fellow at Harvard’s Berkman Center and a board member of Electronic Frontier Foundation. He argues that IoT industry stakeholders need to help shape smart regulations or run the risk of operating under stupid government rules. His point is well taken, and aligns with what I’ve said in a previous blog about stakeholders focusing on strong security measures. It’s a way to keep systems and people safe and to shape best practices that regulators could view as a framework for reasonable or smart IoT regulations.

Pay Attention, Don’t Panic

Given where we are with cyber attacks, whether against grid assets or IoT devices, we should be concerned, but I see no need for panic. As bad actors with increasingly powerful tools come to light, there is a clear need for stepped up action by grid operators, technology vendors, and regulators. Presumably, important action is taking place behind the scenes. But it would be comforting to know with more certainty that government and industry stakeholders are cooperating and pushing real measures to minimize the risks to the grid and to people.

 

Zero Emissions from a Fossil Fuel Plant … Really?

— June 6, 2017

The claim of zero emissions from a fossil fuel plant sounds too good to be true. I was skeptical when I first read the headline, “Goodbye Smokestacks: Startup Invents Zero-Emission Fossil Fuel Power,” on the Science website. But on second glance, this does appear to be a big deal in the carbon capture realm.

Oxymoron or Innovation?

Author Robert Service notes: “Zero emissions fossil fuel power sounds like an oxymoron.” And indeed, it does. But the people behind startup NET Power believe its technology makes this possible. The company is backing a 25 MW demonstration plant in the Houston area that will be activated later this year. Basically, the plant will burn natural gas in a pure oxygen combustor. By using mostly pure, high pressure CO2, the plant can avoid the phase changes of traditional steam cycles. And instead of driving a steam cycle and losing heat up a smokestack, the NET Power plant retains heat within the system, resulting in less fuel used for a turbine to reach the necessary temperature.

The result, the company claims, is a stream of nearly pure CO2 that is then piped away and stored underground, or that can be shot into sapped oil reservoirs to recover what oil remains. This latter process is called enhanced oil recovery. In either case, the CO2 is kept out of the atmosphere. The system is based on work done by Rodney Allam, a retired British engineer, and is called the Allam Cycle. The key to Allam’s idea is the recycling of the CO2 in a loop.

A Fossil-Fueled Game Changer

NET Power says it can produce emissions-free power at about $0.06/kWh, which is about the same as the cost from a state of the art, natural gas-fired plant. And lower than most renewable energy. If the demonstration meets expectations, the company intends to move to a full-scale, 300 MW version that could be operational in 2021 at a cost of about $300 million. Such a power plant could supply more 200,000 homes. One expert, John Thompson from the Clean Air Task Force, says the breakthrough plant would be “a game-changer if they achieve 100% of their goals.”

We shall see. The NET Power facility could fail to reach its goal; as carbon capture expert Howard Herzog says, “There are only a million things that can go wrong.” But if successful, the zero emissions plant could be a bridge to a cleaner environment, and could drive more aggressive use of renewable sources. So, what’s not to like about this kind of audacious engineering that aims to solve a problem in a practical way? Failure is a possibility, but success is, too.

 

Cybersecurity Pros Are Hiding the Breaches: This Must Stop

— May 31, 2017

Even the security good guys are failing us. That’s the upshot from the new survey of cybersecurity experts conducted by Bromium, a cybersecurity firm based in Cupertino, California.

The company surveyed attendees at the RSA Conference 2017 and others as part of a combined extended study and found startling results:

  • On average, 10% of security professionals said they had paid a ransom or hid a breach without telling their team members (5% at RSA, 15% in the extended study). Note: some 638 million ransomware attacks took place in 2016, which implies that tens of millions of such attacks are likely going unreported.
  • On average, 35% of security professionals said they went around, turned off, or bypassed their own corporate security settings (38% at RSA, 32% in extended study of United States and United Kingdom security professionals).

The folks at Bromium said the results “kind of blew their minds.” No kidding. This level of failure to act is shocking. But on further analysis, perhaps understandable. The bad guys have both the incentives and easy access to the tools needed to break into servers and cause havoc.

For grid operators, this is not good news. An updated U.S. News & World Report article last year noted it took hackers just 22 minutes to get employees at an electric facility north of Seattle to bite on phishing emails. It was only an exercise, but proved the point that the grid is vulnerable and that humans are often the weakest link.

Security Fatigue

One of the root causes among cybersecurity professionals for this lack of diligence is security fatigue, as pointed out in a TechRepublic story. The National Institute of Standards and Technology (NIST) defines this fatigue as “weariness or reluctance to deal with computer security.” The author recommends that companies reduce such fatigue by boosting the relevance and importance of security alerts to an IT team and emphasizing the need for constant security vigilance.

It is hard to argue with that recommendation. However, I would take things a step further: institute regular focused training on how to combat threats combined with controlled drills or testing, like the one at the plant near Seattle. It is unacceptable that people we need to trust have such careless attitudes and avoid actions in the face of threats. It is hard to admit, but we are in far deeper trouble on this front than imagined. We must do better.

 

Microsoft Pushes IoT as a Service as Competition Heats Up

— May 12, 2017

In a quiet way, many different businesses are helping to establish a stronger foothold for the Internet of Things (IoT), moving beyond the hype and delivering on the buzzy promises from several years back. As evidence, Microsoft recently launched IoT Central, an IoT as a service (IoTaaS) offering that enables companies to deploy IoT technologies without having to do so from scratch using in-house resources.

Early Adopters

IoT Central’s goal is to help companies rapidly design, build, and deliver smart products and integrate them with enterprise-scale systems. So far, early adopting companies of IoT Central—thyssenkrupp Elevator, Rolls-Royce, and Sandvik Coromant, according to reports—are in the manufacturing and engineering sectors. IoT Central is part of a suite of IoT-related products from Microsoft, including Azure Suite IoT (a platform as a service [PaaS] offering for developing backend applications) and Azure IoT Hub, which acts as the messaging infrastructure for distributed device communications.

But Microsoft is not alone in helping to establish a stronger corporate foothold for the IoT. Competitors like Amazon Web Services (AWS), Google Cloud, and Oracle, to name a few, offer several IoT-related services for business clients. And recently the head of AWS, Andy Jassy, said, “Of all the buzzwords everybody has talked about, the one that has delivered fastest on its promises is IoT and connected devices.” That’s a strong validation.

IoT and Utility Patents

IoT has also arrived for utilities. A recent piece by Alec Schibanoff, a vice president at patent broker and consulting services firm IPOfferings LLC, notes the many patents for operational efficiency and security that have been granted over the years form the basis of the modern grid. One was granted as far back as 2002.

Next Steps for IoT

These are all signs of a maturing IoT landscape, one that will underpin Energy Cloud 2.0 as envisioned by Navigant Research and outlined in the free white paper, Navigating the Energy Transformation. But there is much more value to be unleashed from IoT devices and connected systems. We’ve only scratched the surface around data analytics, and future applications and services have yet to materialize. Many companies are starting to explore the possibilities. It won’t be too many years before the IoT will make louder noises as a solid platform for business innovation and efficiency.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author


{"userID":"","pageName":"Neil Strother","path":"\/author\/neilstrother?page=3","date":"12\/18\/2017"}