EnerNex Logo
Let's Talk

An Architectural View for Addressing Operational, Business, and Cybersecurity Needs in T&D Field Devices

Apr 2, 2021 | Article

Brian Smith
bsmith@enernex.com
865-770-4853

 

 

Access to data from the wide range of Intelligent Electronic Devices (IED) and sensors, also referred to as field devices, deployed throughout the transmission and distribution field environments is often at the forefront of current discussions within most utilities. A key driver for this focus is that data available from field devices has become valuable for many business purposes beyond that of the traditional power systems operations footprint. Technology evolution of field device communications interfaces and the wide variety of communication solutions available to utilities have made the use of a multitude of field device data a realistic and attainable goal.

One significant challenge for utilities is the hidden complexity that arises when exploring options to provide business access to data available within field devices while at the same time addressing the need to ensure the security of the field devices themselves. Both data accuracy and integrity are critical for business and operational decision-making. A further complicating factor is that field devices range from single function low-end devices to complex multi-function devices that support critical power system protection, automation, or control applications. In most cases, T&D field devices are not as robust as their traditional IT counterparts when it comes to processor and communications capacity and issues such as resource consumption are a significant worry when additional communications interfaces beyond the primary application are considered.

Some utilities are already amid this challenge as they start to examine existing system deployments. Many of these systems were deployed with a purpose-built philosophy where the field device, communications, and data collection were all coupled with and dedicated to a single function or application. Other systems have evolved from pilot projects that were focused on validating fundamental application concepts and not focused on data integration and security considerations.

To address field device cybersecurity challenges, utilities must have an architecture reference model and roadmap to get to the desired future state. Two elements that are critical in supporting the utility’s agility in responding to evolving business and cybersecurity needs. A key first step in creating a reference architecture is to develop a holistic view of all potential interactions, both current and future, that may occur with any T&D field device. Only then, will certain interdependencies start to emerge that were difficult to identify from what had previously been disjointed snapshots of specific interactions with the field devices. While it is unlikely that any single device supports all identified interfaces, the superset of data flows provides a path to develop a reference architecture that addresses both data integration and security. One way to organize this view is to focus on four categories of logical interfaces on a T&D field device:

Once this high-level view is created, it becomes easier to begin the process of creating a T&D field device architecture that addresses operational, business, and cybersecurity needs. Key aspects of this second architecture step should include:

  • Minimizing Direct User Access to T&D Field Devices – A key cybersecurity objective is to minimize the number of people that have direct access to any T&D field device. Users that only need access to the data within the device should have access to data via secondary repository and not granted direct access to the device.
  • Minimizing Non-Critical Machine-to-Machine Process Data Interfaces to T&D Field Devices – In many cases, data available within T&D field devices is valuable to more than a single utility application. The architecture should support decoupling of the data acquisition function from the analysis and processing functions of the applications utilizing a utility integration bus or similar solution. Using this model, a single data acquisition element can potentially support multiple non-critical applications. It is important to note that data decoupling must not include critical applications essential for power system reliability as the additional components between the end device and application may negatively impact these applications.
  • Prohibiting Direct User Access to T&D Field Devices from Outside the OT Environment – Access granted for users that are allowed to remotely connect to a field device for maintenance and management functions should be strictly managed. Although only required for assets defined as Medium Impact Bulk Electric System Cyber Systems, the NERC model of an intermediate system implemented to manage remote field device access is an effective model to implement for all field device remote access. Key elements of this include role-based access control, least privilege, multi-factor authentication, and encryption.
  • Monitoring and Configuration Management of T&D Field Devices – While this has traditionally been a manual process in the past, utilities should implement active/online field device monitoring and configuration management solutions.
  • Creation of Network Segmentation and Security Zones – A fundamental cybersecurity goal is to contain a security breach to the smallest area possible and flat networks that span multiple locations or functions will not accomplish this. Logical segregation by location and more granularly by function are essential to the resilience of the system and critical functions. The architecture should include traffic control and monitoring at the boundary points of the logical security zones. Additional anomaly detection solutions deployed around head-end systems as well as field devices supporting critical functions such as power system protection or automation should also be considered.
  • Pushing Data from the OT Environment to the Enterprise – Another cybersecurity goal is to minimize the logical ingress from a lower trust environment (enterprise) to a higher trust environment (OT) by utilizing mechanisms to push data.

Once developed, a T&D Field Device Architecture should be seen as a starting point rather than the destination. As with any architecture effort, governance is just as essential to the success of the effort as is technology.

Want to know more about how EnerNex can support your T&D Field Device Architecture efforts? Feel free to contact me at bsmith@enernex.com to discuss. EnerNex is uniquely qualified to assist you as our staff has decades of experience in cyber security, utility automation, IT, OT, and communications systems from both vendor and utility perspectives.

Smart Metering (SM) and Advanced Metering Infrastructure (AMI)

Smart Metering and AMI is a transformational process addressing multiple business and technical needs of the utility enterprise. This is more than just smart meters and communications networks; it includes all of the back end applications that can leverage the meter assets, such as outage notification, demand response, call center optimization, disputed billing process handling, pre-payment opportunities, and service connection management methods and procedures, to name a few.

Implementing SM and AMI faces the same business, engineering, and operational challenges as any other across-the-utility information technology endeavors – most notably risk associated with embracing proprietary technology, missing functionality and early obsolescence. Effective SM and AMI development, implementation, and operation relies on a marriage of electric power engineering with information technology expertise: a key component of EnerNex’s expertise and experience.

EnerNex provides an array of engineering and consulting services geared towards intelligent and effective implementation of SM and AMI. This covers all phases of project development, starting with capturing system requirements where our experts leverage a “Use Case” centric view of activities needed to be accomplished and their interaction with systems and other users. Subsequent project steps typically examine other critical areas, such as: modeling of business cases, building inter-department consensus, assembling and assessing system functional requirements and non-functional requirements, developing a system design, hardware and software specifications and standards, complete procurement services including RFI and RFQ process support, supplier rating system, response evaluation methodology, deployment management, and training of office and field personnel.

Demand Response (DR)

Demand response can be as simple as load interruption directed by the energy supplier in response to severe demand requirements, to complex customer defined load management in response to price signals. DR is one of the components of a “Non-Wires Alternative” that many utilities are effectively using to avoid expensive distribution fortification or upgrade.

 

Often the success and/or failure of demand response programs can be linked to program implementation challenges such as rate/tariff design rate structures communication (e.g. price signals) or ineffective incentives used by utilities to encourage customers to accept operational change. The issues of program design, rate structure and customer impact have a tremendous influence on the success or failure of load management initiatives. Demand response has traditionally been used as a tool of the energy industry to ensure system stability. However, the introduction of microelectronics, communications, home automation and the Internet of Things (IoT) has led to the development of cost effective solutions that have the capability to allow the consumer to take control of managing their energy load and ultimately, the price they pay for energy.

EnerNex has the experience and skills to turn your DR program into a successful operational asset and customer engagement process that can deliver value to all parties.

Energy Assurance Planning

Natural and man-made disasters cause an estimated $57B in average annual costs for all parties; large single events have resulted in losses of $100B or more. Events, such as the World Trade Center disaster, Hurricane Katrina, and most recently Hurricane Helene, have demonstrated an acute need to revisit, revise and implement an effective energy assurance plan. Energy assurance plans assess the functionality and interdependencies of buildings and infrastructure systems and the role they play in sustaining service and rapidly restoring critical services to a community following a hazard event.

 

EnerNex assists our clients in developing comprehensive energy assurance plans that mitigate and minimize the impact of energy disruptions. Our experts assess critical infrastructure risks and evaluate appropriate mitigation strategies and can help in developing an effective business continuity/disaster recovery (BC/DR) plan for utilities and your customers.

Microgrid Development

As the electric grid becomes more distributed and interactive, microgrids are playing an increasingly important role in our energy future. Decision makers at military bases, corporate and institutional campuses, residential communities and critical facilities across the world are exploring and implementing microgrids to meet economic, resiliency and environmental goals. Utility-grade microgrids are being deployed to meet transmission constraints, reliability requirements and safe-havens in the event of a significant storm event.

Microgrid_development Graphic steps to support grid modernization

Bringing together a portfolio of distributed energy resources into a controllable, islandable microgrid comes with its own set of challenges. The key to solving these challenges is in architecting a system to support information exchanges between components across well-defined points of interoperability (interfaces) in a technology independent manner. This interoperability ensures that the system is resilient to technology change. Modern systems engineering techniques must be employed to ensure that individual sub‐systems are clearly identified, their functions enumerated, their data requirements known, and the points of interoperability clearly specified, along with the commensurate monitoring, command and control that is needed to ensure grid stability. With such architecture, we can apply best of breed technology available today to support those information exchanges at interface boundaries but be free to upgrade / change the implementation technology later without causing a ripple effect throughout the system.

Enterprise Architecture

Enterprise Architecture focuses on aligning an organization’s business strategies with its anticipated, desired and planned technology enhancements. Enterprise Architecture provides a framework to cost-effectively transition from a current “as-is” technology to future enterprise-wide technological solutions. An effective Enterprise Architecture program aligns business investments with long-term business strategies while minimizing risk and providing superior technological solutions. EnerNex’s key asset is its highly skilled and experienced staff who are closely connected to both the smart grid and EA standards and practices. We provide clients with the insight necessary to operate a fully functioning smart grid, which is flexible, scalable, and vendor independent.

Grid Modernization Roadmap

Utility companies across the globe are continually modernizing their grid. Each company often has different rationales, objectives and priorities. Frequently, smart grid plans are developed for individual, incremental initiatives, rather than as a part of a whole, intelligent and interoperable infrastructure. Planning may be developed around technology choices rather than business and technical requirements. The result of incremental and flawed planning leads to increased cost and risk, lost opportunities, disconnected expectations and dead ends.

 

EnerNex’s approach to grid modernization roadmap development follows a proven, industry-standard approach to grid modernization planning by collaboratively working with the utility to develop a set of prioritized and time-phased grid modernization initiatives unique to its business strategy and objectives. The roadmap developed is holistic, requirements-based, business value driven and actionable. It often builds on and leverages existing applications and infrastructure, and incorporates industry standards to ensure interoperability, flexibility and reduced cost and risk.

Utility Communications

Utility communication and control systems are increasingly interconnected to each other and to public networks and as a result, they are becoming increasingly more susceptible to disruptions and cyber attacks. EnerNex has experience with the various issues relating to development, implementation and optimization including feasibility analysis, design, software development and customization, project management and acceptance. Our expertise extends from being involved in the development of the fundamental standards that support utility communication and automation, through deployment and securing of those resources. EnerNex personnel were heavily involved in development of such standards and protocols as IEC 61850, IEC 60870-5 and DNp3. Our staff played a key role in the EPRI Utility Communication Architecture (UCA) project and the IntelliGrid Architecture effort.

Related Articles

Related

Grid Modernization & Grid Architecture

by | Jun 20, 2025 |

Helping our clients implement and integrate grid modernization technologies and processes that are aligned with tomorrow’s utility. A Grid Modernization program frequently includes many complex utility engineering and operational topics, many times the scope of these...

read more

Grid Modernization with Artificial Intelligence

by | Jan 29, 2025 |

_______________________________________________________________________________________________________________________ Introduction The electric power industry is undergoing a transformative era, driven by digitalization, renewable energy integration, and increasing...

read more
X