Securing Digital Distributed Energy Infrastructure

Open Energi Engineer

The Internet of Things (IoT), a term used to denote the digital infrastructure where any digitalised asset, no matter how small, can connect to an invisible mesh of other assets through the internet, has recently become synonymous with security breaches and exploitation. This is true not just in a domestic setting, where flaws in Samsung’s ‘Smart Home’ let hackers unlock doors and set off fire alarms[1], but also in industrial IoT systems, where hackers were able to change the levels of chemicals being used to treat tap water[2]. While security breaches in websites are common, with credit card details frequently stolen, breaches to industrial systems connected to the internet are fewer and more recent, as such systems were previously isolated from public networks.

In the world of Demand Side Response (DSR), security is one of the priorities of most asset owners. DSR assets have a core purpose other than helping to balance the energy system, so a DSR provider must be able to demonstrate that they will never prevent the safe and correct operation of the asset, be that treating wastewater in a sewage treatment facility or refrigerating food in a supermarket. This condition must hold even in the presence of bugs in the DSR provider’s software, and even if their own systems are penetrated by hackers. The usual practices of data encryption, strong access controls and network segregation only provide part of the answer, as they still don’t guarantee safe operation under all possible failure modes.

This condition may seem unreasonable, but in critical systems development it is crucial. A nuclear facility operating normally is run through a software system, but all safety-critical checks are duplicated in hardware interlocks that take over should the software fail in any way[3]. These interlocks are immutable and thus immune to hacking or software bugs. In space missions, NASA has since the Challenger and Columbia incidents started to use consensus of multiple software systems developed by several independent teams to control rocket operation to eliminate the possibility that a single bug could affect the mission[4].

As the DSR industry progresses towards standardisation and common best practice guidelines, a key safety requirement must be safe operation of the asset under any failure mode. Open Energi on-site controllers are always supplemented by independent hardware or software interlocks that cannot be modified by us, creating an orthogonal layer of control required to operate critical assets. For example, on asphalt sites, we supplement our own controls with hardware interlocks to disable our control should the temperature of the tank increase beyond a safe limit. On water sites, we augment our controls with independently developed PLC code that checks that the asset is still within its control parameters and disables our control immediately if not. This dual layer of security means that even if our systems are compromised by an attacker, the DSR assets will continue to operate safely.

Michael Bironneau is Technical Director at Open Energi.

[1]     Wired Magazine. May 2016. ‘Flaws in Samsung Smart home let hackers unlock doors and set off fire alarms’. https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlock-doors-set-off-fire-alarms/

[2]     The Register. March 2016. ‘Water treatment plant hacked, chemical mix changed for tap supplies’. http://www.theregister.co.uk/2016/03/24/water_utility_hacked/

[3]     L.J. Jardine and M.M. Moshkov. Nuclear Materials Safety Management, Vol 2. 1998. See eg. p.151.

[4]     Organizational Learning at NASA: The Challenger and Columbia Incidents. 1989. J. Mahler. See eg. p.63.

The Challenges of Device Management in Energy

The Challenges of Device Management in Energy

1248 CEO Pilgrim Beart chats with David Hill, Business Development Director at Open Energi.

P: “David, tell us a bit about what you’re trying to achieve at Open Energi”

D: Open Energi is deploying ‘Internet of Things’ software within electricity consuming assets and paving the way for a new energy system; a system that is cleaner, cheaper, more efficient and more secure than the system we have today.

Our software is able to measure and monitor machine and appliance behaviour in real-time and subtly adjust electricity consumption in response to signals from the market, preventing fossil fuelled power stations from coming online and maximising our use of renewable energy, without any impact on consumer living standards or business productivity.

Every appliance or machine that we connect to using our Dynamic Demand software is another step towards removing power stations from the electricity system all together – and the money that would have been paid to those power stations is instead paid to British businesses.

P: “That sounds like a classic IoT application to me – making better use of a resource, with benefit to all the parties concerned – and helping address climate change too. What stage have you’ve reached in this ambitious goal?”

D: To date we have signed over 25 customers and deployed our software within over 1230 individual assets across 275 sites. Appliances range from Heating, Ventilation and Refrigeration Appliances in Sainsbury’s, to Water Pumps and Waste Management Equipment in United Utilities. The total power of all the devices that Open Energi interacts with is about 45MW, of which we currently bid about 15MW – around 30% – into energy markets operated by National Grid.

30% represents what is typically flexible at any given moment in time. The remaining power is being used for its primary purpose, e.g. heating supermarkets or pumping water. It is only by being able to identify flexibility on a second by second basis that we are able to provide this service.

P:”And can you give us some idea of the sort of challenges that you’ve encountered as you’ve grown in scale?”

One of the key challenges we face is being able to interface with different industrial and commercial processes – ranging from water pumps to bitumen storage tanks to refrigeration systems.  These systems operate in very different ways and generate different kinds of data, so a key challenge for us is being able to collect and view this data in a coherent way, and then understand how all these different processes are consuming energy. 

Overcoming this problem is an essential part of how we can provide a consistent and reliable service to National Grid from many thousands of individual assets.  Today many aspects of our interface with each of these processes inevitably become bespoke, which then leads to challenges in how we maintain and operate the software on all of our devices, particularly as we scale up.

P: “Your growing need for device management rings very true for us – it’s a common story as a connected service starts to achieve scale. We encountered something similar at AlertMe as we scaled from 1,000 to 10,000 devices, which is why we decided to focus on that challenge at 1248. Can you put some more meat on the bones for us?”

A key area for us is being able to simplify how we connect and exchange information with so many different control systems and processes.  Standards could play a key part here – both in terms of how we connect to other devices and what information we exchange.  This would ease the process of connecting and maintaining devices as we scale up and allow us to focus on getting the maximum value out of the energy flexibility that we’re tapping into.

For example, in the future we believe that all appliances with the ability to provide flexibility to the electricity market will come with those principles built in off-the-shelf, so that an air conditioning controller designed to maintain room temperature is every bit as used to responding to electricity market signals as it is to temperature, likewise with water pumps and bitumen tanks.

Device management is very important when trying to operate service based on very large numbers of connected devices; we can only understand and quantify energy flexibility if we have an accurate understanding of which devices are online, and whether they are functioning correctly. Moving from the world we are in now, to the future I just outlined, will need collaboration with companies like 1248.

P: “David, thanks so much for sharing this with us.”

This blog post was originally featured on www.1248.io

IoT technology meets UK’s energy grid needs faster than power stations

Aggregate Industries Moorcroft quarry

Research has found that Open Energ’s Dynamic Demand technology can meet the UK’s crucial grid balancing requirements faster than a conventional power station. The paper published as a result of ongoing collaborative research by Open Energi, National Grid and Cardiff University, titled Power System Frequency Response from the Control of Bitumen Tanks, looked at the feasibility of DSR providing a significant share of frequency balancing services.

Bitumen tanks (containing the glue that binds our roads together) equipped with Dynamic Demand were used in combination with National Grid’s model of the GB transmission system to investigate the capability of industrial heating loads to provide frequency response to the power system.

The conclusion is that Open Energi’s Dynamic Demand technology, deployed at scale, can contribute to grid frequency control in a manner similar to, and, crucially, faster than that provided by traditional peaking power generation. Field tests showed that full response could be provided in less than two seconds, as compared to 5 – 10 seconds for a thermal generator. Large scale deployment of Dynamic Demand will reduce the reliance on frequency-sensitive generators and ensure that the grid stays balanced in a cost-effective, sustainable and secure manner.

While a lot of focus has understandably been given to tight capacity margins between supply and demand, the real threat could come from generators being unable to respond within the required window to balance instantaneous shifts in supply and demand. With more renewables and decreased thermal generation, ‘inertia’ on the Grid will decrease, making frequency more unstable. Dynamic Demand can help to counteract this effect by providing faster response, helping to future proof the Grid.

The paper was published in the IEEE Transactions on Power Systems Journal. Download a copy here.