Renewable energy helps drive the global economy while reducing carbon dioxide emissions. However, a shortcoming of renewable energy is the difficulty of matching supply with demand. The sun does not always shine when the community needs electricity during peak periods, just as the wind does not stop blowing during off-peak periods.
One of the best ways to stabilize renewable energy supplies is to use Energy Storage Systems (ESS) that store surplus power when the supply is high and can discharge power when the supply is low. In this article, we will share best practices in safeguarding ESS infrastructure for the renewable energy sector.
An ESS converts electrical energy into a storable form, such as a battery. A typical ESS in a wind or solar farm consists of the Energy Management System (EMS) and a power plant controller that monitors and controls the operations of the ESS in real time. The power plant controller aggregates the data collected from a Power Conversion System (PCS) and Battery Management System (BMS). All equipment is placed inside a container that is often situated in harsh environments such as deserts or the Arctic where sun and wind are plentiful.
Network communication between the EMS, PCS, and BMS must be protected from unauthorized access or any unwanted activity that will disrupt operations. It's recommended to consider security risks to the ESS from two perspectives.
The first is the overall network security boundary: is the access authenticated and authorized, and are the commands being sent as expected? The second is communication security at the edge: is the communication and access of the device securely protected?
These security mechanisms need to be designed when containers are produced at the manufacturing site, therefore allowing the complete system to be efficiently delivered and connected to a farm and grid.
1. Build Security Boundaries Vertically and Horizontally
To protect communications between the renewable energy system, the power plant controller, the power conversion system, and the substation, deploy stateful firewalls with Modbus deep packet inspection (DPI).
- Vertical protection: firewalls play an important role as gatekeepers protecting system communications.
- Horizontal protection: a Modbus DPI engine can examine commands and drop data packets that are not authorized or not listed.
2. Enhance Remote Connection Security for a Li-ion ESS
To develop seamless, secure communications between an ESS and a control center, adopt a reliable edge connectivity solution.
- Facilitate communications at the edge: deploy protocol gateways between Modbus serial-based batteries and Ethernet-based remote terminal units.
- Secure communications: leverage security features such as HTTPS, SNMPv3 management, and Accessible IP Addresses to ensure that communication and access of a device are protected, therefore reducing risks and enhancing the reliability of remote communications.
Energy storage systems (ESS) help expand electricity capacity and stabilize supply. An ESS can also play an important role in maintaining the security of critical infrastructure. In response to the growing threat of cyber attacks, Moxa recommends securing ESS networks by defining the security boundary so you can determine who can access your network and what information they can pass through it.
Roger Chen is the Manager of Cybersecurity Market Development at Moxa.