How LineVision DLR Mitigates Cybersecurity Risk
Many large enterprises have moved from more traditional on-prem to cloud-based architectures. Even entities with heightened security postures such as power grid Transmission Owners are moving some activities, either by choice or by necessity, to the cloud. But what would it take to safely integrate sensors and cloud-based architectures into grid operations?
The Risk
Dynamic Line Ratings (DLR) use sensors to monitor weather conditions like wind that heat or cool transmission lines to continuously calculate and forecast their true capacity, often allowing significantly more power flow.
While DLR data poses an opportunity to revolutionize grid operation, utility control rooms are highly secure environments that do not typically talk to the internet or bring in data from the outside world. Transmitting real-time information into the utility’s control room opens up potential avenues for attack that need to be closely managed.
Utilities and regulators are rightly concerned about the potential for increased cybersecurity risk posed by new technologies added to the grid, and Dynamic Line Rating (DLR) technologies are no exception.
Examples of Potential Vulnerabilities
Sensors that communicate directly with the Transmission Owner’s energy management system could become a target for direct attack.
Data that has been tampered with could be used to mislead utilities to use inaccurate DLR values, potentially leading to conditions that could damage assets or leave additional capacity on the table.
The Opportunity
Direct communication from sensors to a Transmission Owner’s control rooms can expose vulnerabilities, leaving utilities exposed to unnecessary risks. On the other hand, creating separation between data collection, analysis, and DLR calculations would help utilities proactively protect data against targeted attacks. How can this be done?
The Solution
From our earliest days, LineVision has worked in partnership with clients to design a solution that is secure and NERC CIP compliant. By training a model that accurately captures the effects of wind speed and direction on transmission lines and packaging that model into our LineRate Engine, LineVision removes the need for a direct connection from the sensor to the Transmission Owner’s Energy Management System (EMS). Instead, LineVision pulls sensor data (along with publicly available weather and topology information) into its data analytics platform, where it is reviewed and validated by our data science team before being used to train a DLR model. This trained model is then packaged up into LineVision’s LineRate Engine.
This approach means that all logic and intelligence are under the Transmission Owner’s control and are operating in adherence to their own security and compliance standards. Aside from wind speed and wind direction, which can be independently verified for accuracy, the LineRate Engine is packaged with all the information it needs to calculate DLR and any other advanced ratings.
Transmission Owners typically place the LineRate Engine within their high-security SCADA environment, while others may place it in their corporate environment. These environments are typically one or more data centers, each subject to varying levels of security. Regardless of their approach, utilities have control over the operation of the LineRate Engine and can apply the security controls that they deem appropriate. With no external sensor data in the operational data flow, Transmission Owners have a straightforward pathway for completely avoiding sensor risk and for supporting compliance with NERC CIP requirements.
The Benefits
LineVision’s approach balances two critical factors: sensor feedback and security. The LineRate Engine incorporates all the benefits of sensor feedback for informing the trained model while removing three key security concerns:
- Data Confidentiality. The only data required for calculating operational DLR values is weather, which can be classified as Public Information and poses zero confidentiality risk for the Transmission Owner.
- Data Integrity. LineVision’s data scientists review all data inputs, including sensor data, 3rd party weather data, and topology data. This step permits rigorous validation and analysis of all inputs to ensure the accuracy and quality of the trained model.
- System Compromise. There is no pathway from sensors to the EMS, which greatly reduces or eliminates supply chain risk.
The Bottom Line
The best method for addressing a risk is to avoid that risk altogether. In partnership with our clients, LineVision has developed a solution that has been validated and confirmed by dozens of security and compliance teams. Transmission Owners can trust LineVision’s secure-by-design approach to meet NERC CIP requirements and safely deliver the critical information needed to enhance grid capacity and resilience.
-----------------------------------------
Tom Atkinson, VP of Security, Quality and IT
Tom is responsible for the security and quality of LineVision’s products and platform. Tom works closely with customers to ensure that our LineRate and LineAware offerings support our customers’ and NERC’s stringent security and compliance requirements.
