It started as Edison Electric Light in the 1880s, providing power to Manhattan and New Jersey.  Over the years, it grew into the nationwide electric grid we know today as the North American Power Transmission Grid. This grid is comprised of three major and two minor interconnections, which provide reliable electric power to nearly 400 million people in the U.S. and Canada.

Like all technologies, electronic transmission and distribution (T&D) has evolved over the years. It began as a one-way grid, where large, central generation plants created electric power and distributed it to users over a mostly mechanically wired network. With a small number of power generation locations, this system created an infrastructure with simple, straightforward technology. It also gave the electric utility complete control over the entire grid, making it easier for them to manage the required power at any given time.

(Figure 1: One-way electric grid, Department of Energy, Office of Energy Policy and Systems Analysis, 2016)

With the growth of renewable energy sources such as wind, solar, and storage, T&D evolved into a two-way grid, where generation plants—otherwise known as distributed energy resources (DERs)—became smaller and more prolific; power was both generated and consumed by users. This increased the complexity of the electric grid, requiring utilities to monitor a greater number of DERs. More importantly, it enabled communication with all of them to adjust power needs as required.

(Figure 2: Two-way electric grid, Department of Energy, Office of Energy Policy and Systems Analysis, 2016)

This new two-way grid also added an additional layer of complexity in the form of digital communication, which was needed to coordinate the movement of electric power throughout the network and manage overall power demand. This higher complexity also made the electric transmission grid more vulnerable to cyberattacks, as it required continuous data communication both internally and via the Internet. Cyber activities developed for the Internet could be modified and targeted at the electric grid. Examples of such electric grid cyberattacks already exist, including the December 2015 cyberattack on the eastern Ukraine power grid, resulting in the loss of power to over 200,000 residents.

In the U.S., both state and federal levels have recognized that the cybersecurity threat to the electric grid is real. In recent years, federal laws and executive orders designed to improve protection against cyber threats have been passed. For example, in May 2021, President Biden signed an executive order outlining a framework to improve the nation’s cybersecurity. In March 2022, he signed the Consolidated Appropriations Act of 2022, which included the Cyber Incident Reporting for Critical Infrastructure Act. Federal agencies created rules to unify efforts to combat cyber-attacks. Furthermore, portions of funds from the Inflation Reduction Act of 2022 are earmarked for cybersecurity improvements to critical infrastructure, including the electric grid.

What actions are being taken to improve the electric grid’s resiliency to cybersecurity threats? The first thing to know is there are several organizations active in this area, which in part include the following:

• Federal Energy Regulatory Commission (FERC)
• North American Electric Reliability Corporation (NERC)
• Department of Energy (DOE), including its laboratories
• National Institute of Standards and Technology (NIST)
• SunSpec Alliance (industry association) 
• Underwriter’s Laboratory (UL)

A key area of focus of these organizations has centered on the harmonization and adoption of industry standards. DNP3 and IEEE 61850 are good examples. These standards govern the communication protocols of power systems at electrical substations. DNP3 is the traditional standard in the U.S., with versions dating back several decades. IEEE 61850 is the newer international standard, with additional support for digital communication between assets within and between electric facilities. This standard is increasingly migrating into the U.S. electrical grid. Both standards are well-supported by manufacturers in the electric T&D industry. Also addressing cybersecurity is Reliability Standard CIP-003-9. This update, proposed by NERC and approved by FERC in March 2023, directly addresses cybersecurity for devices interconnected in any way with the electric grid.

Finally, there is the IEEE 1547 standard, which is a series of rules and test procedures for interconnection and interoperability between DERs and the electric grid. Tucked into this standard is IEEE 1547-3, which is a guidance document for cybersecurity between DERs and the electric grid. FERC Order 2222, approved in late 2020 and published in April 2021, included language requiring state and federal parity on cybersecurity and equipment standards. In other words, FERC required that the federal and state entities involved with electric T&D harmonize around one common methodology or standard. The Order also referenced IEEE 1547-2018 (amended in 2020), which set into motion the U.S. states harmonizing around it as a requirement for any products or devices connected to the electric grid. As of March 2023, several states have adopted IEEE 1547.

(Figure 3, IEEE Standard 1547-2018 – Status of Adoption across the U.S., presented by IEEE via EPRI)

Additional states are anticipated to adopt this standard by the end of 2023. Compliance with the IEEE 1547 standard can be accomplished via UL test standard UL 1741. This is especially important for products and devices that “cross the bridge” between the DER and a substation, such as a feed-in controller. As state utility regulatory boards continue to harmonize around this standard, it is anticipated that more industry products will comply with the UL or similar third-party test standards.

A strong cybersecurity methodology is critical to ensure the resiliency of the North American electric grid from unwanted attacks. Industry and government have recognized the threat, and are working together to mitigate it.

Jim Rundo is Business Development Manager - Solar, IMA-VMM Energy/Electric Power Industry, for Phoenix Contact USA, which develops products for connecting, distributing, and controlling power and data flows.

Phoenix Contact USA | www.phoenixcontact.com