Navigant Research Blog

Recognizing the True Value of Storage and Facing Cybersecurity Threats

— October 28, 2016

AnalyticsEnergy storage has historically been too expensive to integrate with distributed energy resources (DER), but prices have fallen significantly across several portions of the value chain in the past few years. To continue to improve the economics of the technology, it’s important for new and existing energy storage systems (ESSs) to provide multiple services to customers. This will open up a larger market for aggregated systems that can help realize the true value of storage. Software platforms that can analyze, operate, and optimize battery energy storage-enabled virtual power plants (VPPs) will be critical to capitalize on value stacking.

Aggregated Energy Storage Systems

Powershift

(Source: PowerShift Atlantic)

For instance, energy storage service provider Greensmith Energy was chosen to provide its software and integration services for several recent projects. In September, investor-owned utility American Electric Power (AEP) chose Greensmith’s GEMS platform to manage its 2 MW/14M MWh ESS in West Virginia. AEP plans to leverage the software’s functionality to expand the use of the system into a revenue-generating asset rather than solely a backup system for its distribution network. Several other companies like Sunverge, Demand Energy, and Green Charge Networks have also recently partnered with utilities where smart software will be used for flexible ESSs.

Energy storage software is increasingly becoming a vital part of determining the bankability of a project. Software modules optimized for different grid-level or customer-level applications create value for both utility-scale and behind-the-meter (BTM) users. Particularly for residential and/or commercial customers, the software module can create viable revenue streams by:

  • Optimizing self-consumption in real-time across multiple variables (e.g., demand charges, utility tariff data, etc.)
  • Participating in utility-sponsored demand response and resource adequacy programs
  • Providing long-duration backup power and islanding capabilities

A noteworthy development in the residential ESS software market is a recent partnership announced by energy Internet provider AutoGrid and distributed ESS manufacturer sonnen. The two companies partnered to fully integrate AutoGrid’s flexibility management suite with sonnen’s residential and commercial battery solutions. AutoGrid and sonnen will help energy project developers, utilities, and other energy service providers better manage, optimize, and aggregate sonnen ESS systems and other DER. Both companies believe that the partnership will help maximize project return on investment (ROI), reduce project delivery times, and unlock new revenue streams for several value chain players.

Need for Cybersecurity

With the increased automation of energy storage and DER in general, it will be important to consider the cybersecurity threats that could occur. These attacks can disrupt general system functionality or cause targeted damage to intellectual property, critical infrastructure, and physical assets. Incidents of cybercrime and associated costs can be substantial; companies must prepare for the worst-case scenario. This is not only important to protect against threats, but also to aid in how businesses continue to operate during an attack, as well as how they adapt and recover after. So what does this mean for DER businesses and stakeholders?

  • Utilities have the ability to drive the storage market forward, enabling ESSs to achieve profitability under several business cases like VPPs.
  • DER software companies should focus on developing controls that can optimize multiple use cases to maximize the value of projects.
  • ESS and other DER software developers must ensure they are adequately protected from cyber threats, including developing strong compliance programs, having advanced functionality to mitigate against vulnerabilities, and ensuring systems are in place to immediately alert stakeholders of breaches.
 

Smart Home Market Plugs through Awareness Gaps and Hacks

— October 4, 2016

Home Energy ManagementConsumers have an awareness gap when it comes to understanding smart home/Internet of Things (IoT) capabilities. That’s the upshot of a recent survey by Bosch, which sampled more than 6,000 consumers in the United States and Western Europe.

This is one of those good news/not so encouraging news situations for industry stakeholders. On the one hand, two-thirds of the survey respondents were aware of smart home technology that can automatically turn off the lights when you walk out the front door. However, less than a quarter of those same respondents (22%) are aware that with enabled services, an oven can suggest recipes—though I’m not sure such oven technology is a big driver of adoption. (Foodies might disagree.)

Interestingly, saving energy was the most appealing aspect of living in a smart home, with 69% of all respondents, regardless of country, saying this was an attractive benefit. Spanish (71%), British (72%), and French (75%) respondents were particularly keen on saving energy.

Overall, French respondents were the most confident about what smart home technology can do compared to those from the United Kingdom, United States, or Austria. Respondents from Germany and Spain were the least confident about smart home technology. Not surprisingly, awareness of smart home technology decreased with age, with those in the 25-to-34 age bracket the most likely to understand the current state of what is possible.

The highest barrier to adoption of smart home technology was price, according to respondents, with 60% saying this was holding them back from embracing smart home IoT-type products.

Smart Home Hacks

Perhaps more concerning to the industry is another disturbing report about hacking of devices. According to several accounts, hackers recently hijacked as many as a million Chinese-made security cameras, digital video recorders, and other devices to mount a massive distributed denial of service (DDoS) attack. Among those infected were French web hosting provider OVH and the website of well-known American security researcher Brian Krebs. The attack on Krebs’ site was so crippling that network provider Akamai had to cancel his account because too many resources were being used in trying to defend it. Krebs himself concluded wisely, “We need to address this as a clear and present threat not just to censorship but to critical infrastructure.”

That was one of the clear message from Navigant Research’s recent webinar, The IoT Transformation of Buildings. Security against hacks must be priority number one in the connected IoT world we now inhabit, and those in the energy sector must continue to demand this protection as a priority from technology suppliers and ensure that security is paramount in all of their deployments.

SpaceX

Quick pivot: No matter what one thinks of Elon Musk and his companies, it is worth noting his bold plan to colonize Mars, which he announced on September 27. There is an energy angle to this, too, as Musk’s Dragon spacecraft will utilize two solar arrays for producing power. Two YouTube videos help explain what this is all about. There might be plenty of good reasons to be skeptical of Musk’s vision and plan. But for the moment, let’s give him credit for being a trailblazer, explorer, and dreamer. We need big thinkers like him, even if we have doubts about their ideas.

 

Cybersecurity and Intelligent Buildings

— September 12, 2016

Intelligent BuildingFor several years, information technology (IT) and operational technology (OT) have been converging. In commercial buildings, building automation systems (BASs) are trending toward more IT integration as building owners and facility managers see the value the technology creates. However, this increasing connection and interconnection of building systems also exposes them to malicious attacks from cybercriminals.

There have been a number of high-profile cybersecurity attacks recently, from Anthem to Sony to Target. The FBI now ranks cybercrime as one of its top law enforcement activities. Most of these attacks have focused on stealing credit card numbers, social security numbers, and other forms of personal information. But it’s important to remember that these types of attacks are not the extent of the damage that could be done. The Stuxnet worm was designed to attack programmable logic controllers and was discovered in 2010 after it had ruined almost one-fifth of Iran’s nuclear reactors. In some ways, this attack served as a proof of concept of attacks that could target building systems.

Building Vulnerabilities

Cyber attacks on computer networks are a ubiquitous and constant threat, costing victims hundreds of billions of dollars in damages each year. Organized crime groups, disgruntled employees, adversarial nation states, and even hobbyists are constantly scanning systems to identify entrances into networks. Poorly designed and maintained BAS networks can serve as access points for attacks.

Should companies really worry about the impact of a breached BAS network? It seems like the worst that a hacker could do is turn off the lights. Of course, in critical facilities (such as hospitals and data centers), disruption in building conditions can have direct operational impacts. But the threat is greater than that. A cybersecurity breach launched through a building management system (BMS) or BAS can also compromise the integrity and security of corporate networks that are operating within the building.

In 2012, security researchers Billy Rios and Terry McCorkle identified a vulnerability in the Tridium Niagara AX Framework that would allow such an attack. The team uncovered the ability to execute a directory traversal attack, which allows access to restricted directories and the ability to execute commands outside of the web server’s root directory by downloading and decrypting the file containing user credentials from the server.

In 2013, these two security researchers were able to bypass the restrictions of the BMS at Google’s Wharf 7 office in Sydney, Australia using the vulnerabilities in the Tridium Niagara AX platform. By this point Tridium had issued security patches to eliminate such vulnerabilities, but the patches were never installed in this facility. Facilities managers are accustomed to operating with equipment lifespans that reach as long as 20 years. Constantly identifying and updating building system software is a fundamental shift in thinking—and one that a sophisticated tech giant like Google apparently could not manage.

Making Buildings More Secure

Building networks were never created with security in mind, and the sophistication of hacking is evolving at an incredible pace. Traditionally, breaches of security followed a flow of infiltration to aggregation to exfiltration. However, attacks are now rarely restricted to a single system and are now designed to propagate after infiltration. Moreover, the threat isn’t just technological—it also includes social engineering by obtaining account information through spying or misrepresentation.

The IT industry has established protocols for monitoring and protecting computers and IT networks against these attacks. These protocols are well understood, as are the responsibilities that each IT stakeholder has to adequately defend a network. But these are new concepts in building systems, and there is a lack of clarity among most stakeholders. IT departments may expect facilities departments to manage cybersecurity threats of buildings systems, or vice versa. Alternatively, both groups may expect the solution vendor to provide a security solution out of the box.

The threat of cybersecurity is beginning to change attitudes and has created interesting challenges in the commercial building controls market. Awareness and education of building owners and operators remain a persistent challenge. Some are completely unaware of the potential damage a cyber attack on building systems can cause their business. However, even building owners and operators who are aware of and concerned about the vulnerabilities of their building systems are often unaware of what to do about the threat. Relatively few facilities have robust defense strategies in place.

Join Benjamin Freas at the Navigant Research webinar The IoT Transformation of Buildings on Tuesday, September 13 at 2 p.m. ET to learn more about cybersecurity risks in the buildings controls market.

 

Cybersecurity for Self-Driving Cars Needs a Confidence Boost

— July 29, 2015

Highly detailed and accurate mapping data will be critical to the technical success of future autonomous vehicles. However, in order for consumers and regulators to accept vehicles that pilot themselves to a desired destination, they will need to have a great deal of trust in the technology. That trust is currently in serious danger of being eroded by an ongoing series of computer network attacks, including one demonstrated recently on Wired.com. The need to bolster automotive cybersecurity is one of the factors driving Mercedes-Benz, Audi, and BMW to jointly acquire Nokia’s Here mapping division.

Nokia was an early leader in the field of bringing high quality maps to mobile devices with its 2007 acquisition of Navteq, but the world of mobile cartography has shifted dramatically since then. With mapping apps from Google and Apple joining incumbents such as TomTom and Garmin, along with the rapid development of autonomous driving capabilities, the expectations for map data has increased exponentially. Cartographic data needs to be kept continuously updated through fleets of camera and sensor-equipped vehicles, in addition to crowd sourcing for real-time information. Unlike traditional automotive navigation systems that might get updated annually at best, this fresh data will need to be pushed to automated vehicles as soon as it’s ready.

The big three German premium brands are all expected to be on the leading edge of introducing level 2 automation capabilities and are likely to ramp up automation as soon as  technology and the market allows. Navigant Research’s Autonomous Vehicles report projects that nearly 50 million vehicles with some form of autonomous capability will be sold globally by 2030. One of the key drivers for the move to automation is the desire to reduce accidents to near zero by taking humans out of the driving control loop.

Gaining Trust

Before that can happen, everyone will need a much higher degree of confidence in the security the software and electronic systems, something that is getting more difficult by the day. For several years now, computer security researchers have been demonstrating increasingly sophisticated cyber attacks against vehicles, with the most recent coming from Charlie Miller and Chris Valasek. Miller and Valasek were able to remotely take control of a 2014 Jeep Cherokee through its telematics system, manipulate the audio system, wipers, steering, and even shut down the engine as it was driven by Wired reporter Andy Greenberg. These attacks are not trivial and are not yet widespread, but as we’ve seen from recent attacks against the U.S. Office of Personnel Management and retailers such as Target and Home Depot, the more attackers learn about the systems, the more attack vectors they find.

Automakers are hiring some of these same security researchers and creating teams solely focused on securing their in-vehicle networks. When automakers outsource control systems or data such as maps to suppliers, they often get only a black box that they can hook into without access to source code. Recognizing that they will be increasingly liable for the performance of advanced systems, they are now bringing some of the work back in-house where they can control it. Daimler AG CEO Dieter Zetsche recently acknowledged that security concerns were one of the reasons his company was partnering with its chief rivals to purchase Here maps. Similar concerns have prevented numerous automakers that have been approached by Google from adopting its autonomous driving software and developing their own code instead. Unless Google is willing to give up control of its software to automakers, it may only get adopted by lower tier companies without the resources to develop their own autonomous systems.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Finance & Investing, Policy & Regulation, Renewable Energy, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author


{"userID":"","pageName":"Cybersecurity","path":"\/tag\/cybersecurity?page=5","date":"5\/27\/2018"}