As the U.S. electrifies the transportation sector, cyberattacks targeting vehicle charging could impact several critical infrastructure sectors including power systems, manufacturing, medical services, and agriculture. This is a growing area of concern as charging stations increase power delivery capabilities and must communicate to authorize charging, sequence the charging process, and manage load (grid operators, vehicles, OEM vendors, charging network operators, etc.). The research challenges are numerous and complicated because there are many end users, stakeholders, and software and equipment vendors interests involved. Poorly implemented electric vehicle supply equipment (EVSE), electric vehicle (EV), or grid operator communication systems could be a significant risk to EV adoption because the political, social, and financial impact of cyberattacks — or public perception of such — would ripple across the industry and produce lasting effects. Unfortunately, there is currently no comprehensive EVSE cybersecurity approach and limited best practices have been adopted by the EV/EVSE industry. There is an incomplete industry understanding of the attack surface, interconnected assets, and unsecured inter faces. Comprehensive cybersecurity recommendations founded on sound research are necessary to secure EV charging infrastructure. This project provided the power, security, and automotive industry with a strong technical basis for securing this infrastructure by developing threat models, determining technology gaps, and identifying or developing effective countermeasures. Specifically, the team created a cybersecurity threat model and performed a technical risk assessment of EVSE assets across multiple manufacturers and vendors, so that automotive, charging, and utility stakeholders could better protect customers, vehicles, and power systems in the face of new cyber threats.
Sandia provided technical assistance to Kit Carson Electric Cooperative (KCEC) to assess the technical merits of a proposed community resilience microgrid project in the Village of El Rito, New Mexico (NM). The project includes a proposed community resilience microgrid in the Village of El Rito, NM, around the campus of Northern New Mexico College (NNMC). A conceptual microgrid analysis plan was performed, considering a campus and community-wide approach. The analysis results provided conceptual microgrid configurations, optimized according to the performance metrics defined. The campus microgrid was studied independently and many conceptual microgrid solutions were provided that met the performance requirements. Considering the existing 1.5 MW PV system on campus far exceeds the simulated campus load peak and energy demand, a small battery installation was deemed sufficient to support the campus microgrid goals. Following the analysis and consultation, it was determined that the core Resilient El Rito team will need to further investigate the results for additional economic and environmental considerations to continue toward the best approach for their goals and needs.
This report presents a framework to evaluate the impact of a high-altitude electromagnetic pulse (HEMP) event on a bulk electric power grid. This report limits itself to modeling the impact of EMP E1 and E3 components. The co-simulation of E1 and E3 is presented in detail, and the focus of the paper is on the framework rather than actual results. This approach is highly conservative as E1 and E3 are not maximized with the same event characteristics and may only slightly overlap. The actual results shown in this report are based on a synthetic grid with synthetic data and a limited exemplary EMP model. The framework presented can be leveraged and used to analyze the impact of other threat scenarios, both manmade and natural disasters. This report d escribes a Monte-Carlo based methodology to probabilistically quantify the transient response of the power grid to a HEMP event. The approach uses multiple fundamental steps to characterize the system response to HEMP events, focused on the E1 and E3 components of the event. 1) Obtain component failure data related to HEMP events testing of components and creating component failure models. Use the component failure model to create component failure conditional probability density function (PDF) that is a function of the HEMP induced terminal voltage. 2) Model HEMP scenarios and calculate the E1 coupled voltage profiles seen by all system components. Model the same HEMP scenarios and calculate the transformer reactive power consumption profiles due to E3. 3) Sample each component failure PDF to determine which grid components will fail, due to the E1 voltage spike, for each scenario. 4) Perform dynamic simulations that incorporate the predicted component failures from E1 and reactive power consumption at each transformer affected by E3. These simulations allow for secondary transients to affect the relays/protection remaining in service which can lead to cascading outages. 5) Identify the locations and amount of load lost for each scenario through grid dynamic simulation. This can be an indication of the immediate grid impacts from a HEMP event. In addition, perform more detailed analysis to determine critical nodes and system trends. 6) To help realize the longer-term impacts, a security constrained alternating current optimal power flow (ACOPF) is run to maximize critical load served. This report describes a modeling framework to assess the systemic grid impacts due to a HEMP event. This stochastic simulation framework generates a large amount of data for each Monte Carlo replication, including HEMP location and characteristics, relay and component failures, E3 GIC profiles, cascading dynamics including voltage and frequency over time, and final system state. This data can then be analyzed to identify trends, e.g., unique system behavior modes or critical components whose failure is more likely to cause serious systemic effects. The proposed analysis process is demonstrated on a representative system. In order to draw realistic conclusions of the impact of a HEMP event on the grid, a significant amount of work remains with respect to modeling the impact on various grid components.
To determine risk of an electric shock to firefighter personnel due to contact with live parts of a damaged PV system, simulated PV arrays were constructed with multiple 'modules' connected to a central inverter. The results of this analysis demonstrate that ungrounded arrays are significantly safer than grounded arrays for reasonable module isolation resistances. Ungrounded arrays provide current hazards to personnel up to three orders of magnitude smaller than for a grounded array counterpart. While the size of the array does not affect the current hazard in grounded arrays for body resistances above 100,Ω, in ungrounded arrays, increased array size yields increased current hazards- considering that the overall fault current level is still significantly smaller than for grounded arrays. In both grounded and ungrounded arrays, the current hazard has a direct correlation to array voltage. Since the level of fault current in a grounded array can be significant, this work shows that the non- linearity of the array IV curve must be taken into account for body resistances below 600 Ω and array voltages above 1000V for accurate fault current determination. Although module and array isolation resistance is not a factor that modulates fault current in a grounded array, this resistance, Riso, has a significant effect on current hazard to the firefighter for ungrounded arrays.
The increasing penetration of inverter-interfaced resources underscores the need of valid and accurate pv-inverter models for short circuit studies and for the design of proper protection schemes. This paper presents comparison and validation of several inverter models' dynamics under fault scenarios to two commercial inverters using a Power Hardware-in-the-Loop (PHIL) testbed. Nowadays, IEEE1574 compliant inverters with anti-islanding will contribute for several cycles (1.1 p.u.) before they disconnect. As the inverter standards move towards low voltage ride-through (LVRT) capabilities to counteract remote faults, the accurate modeling of inverters using this feature becomes extremely important. One of the purposes of this paper is to compare the dynamic behavior of different inverter models with LVRT capabilities against two commercial inverters with the aid of PHIL simulation environments. Comparisons were made under different fault scenarios using the IEEE 13 node feeder as testing grid. The other purpose is to raise awareness amongst inverter manufacturers on providing accurate and comprehensive inverter simulation models that account for the protection engineers necessities.
Successful system protection is critical to the feasibility of the DC microgrid system. This work focused on identifying the types of faults, challenges of protection, different fault detection schemes, and devices pertinent to DC microgrid systems. One of the main challenges of DC microgrid protection is the lack of guidelines and standards. The various parameters that improve the design of protection schemes were identified and discussed. Due to the absence of physical inertia, the resistive nature of the line impedance affects fault clearing time and system stability during faults. Therefore, the effectiveness of protection coordination systems with communication were also explored. A detailed literature review was done to identify possible grounding schemes and protection devices needed to ensure seamless power flow of grid-connected DC microgrids. Ultimately, it was identified that more analyses and experimentation are needed to develop optimized fault detection schemes with reduced fault clearing time.
A hierarchical control algorithm was developed to utilize photovoltaic system advanced inverter volt-VAr functions to provide distribution system voltage regulation and to mitigate 10-minute average voltages outside of ANSI Range A (0.95-1.05 pu). As with any hierarchical control strategy, the success of the control requires a sufficiently fast and reliable communication infrastructure. The communication requirements for voltage regulation were tested by varying the interval at which the controller monitors and dispatches commands and evaluating the effectiveness to mitigate distribution system over-voltages. The control strategy was demonstrated to perform well for communication intervals equal to the 10-minute ANSI metric definition or faster. The communication reliability impacted the controller performance at levels of 99% and below, depending on the communication interval, where an 8-minute communication interval could be unsuccessful with an 80% reliability. The communication delay, up to 20 seconds, was too small to have an impact on the effectiveness of the communication-based hierarchical voltage control.
This study describes a cyber security research & development (R&D) gap analysis and research plan to address cyber security for industrial control system (ICS) supporting critical energy systems (CES). The Sandia National Laboratories (SNL) team addressed a long-term perspective for the R&D planning and gap analysis. Investment will posture CES for sustained and resilient energy operations well into the future. Acknowledgements The authors would like to acknowledge the funding and technical support from the Department of Energy Office of Electricity Delivery & Energy Reliability for the development of this report. The authors are very appreciative of the key contributions by other SNL personnel in supporting the analysis, particularly from Jennifer Depoy, Abraham Ellis, Derek Hart, Jordan Henry, John Mulder, and Jennifer Trasti. The authors would also like to thank the following government and non-government organiza- tions for their invaluable input to this study: Government Massachusetts Institute of Technology Lincoln Laboratory Construction Engineering Research Laboratory (CERL) Idaho National Laboratory Marine Corps Air Ground Combat Center, Twentynine Palms, California National Renewable Energy Laboratory National Institute of Standards and Technology Pacific Northwest National Laboratory U.S. Army Corps of Engineers U.S. Army Cyber Command U.S. Navy Installations Command Non-Government Customized Energy Solutions Electric Power Research Institute Enchanted Rock ICETEC Integrated Energy Solutions NEC Energy Solutions OpenADR Alliance PJM POWER Engineers Schweitzer Engineering Laboratory Southwest Research Institute Typhoon HIL, Inc. Executive Summary This study describes a long-term cyber security R&D plan to address ICS cyber security for CES. Long-term goals for ICS were assumed to be those that would require significant action and R&D to achieve, as opposed to being addressable by applying existing technology and best practices. Long-term R&D would roughly fall into the window of 5-10 years out. Investing in the identified R&D will posture CES for sustained resilient energy operations well into the future. The gaps were identified using a conventional gap analysis process. The current state of cyber security R&D was surveyed and summarized. Then, the desired future state of ICS cyber security was characterized, in terms of required capabilities for a secure and resilient ICS. Afterward, gaps were identified by comparing the current state of cyber security to the desired end-state. Finally, the gaps were prioritized and paired (where important) with the appropriate communities (industry, vendors, academia, etc.) suitable to address them. The baseline survey of the existing R&D focused on efforts in government, academia, feder- ally funded research and development centers (FFRDCs), and industry (including vendors). One primary source was existing DOE, Department of Homeland Security (DHS), and Department of Defense (DoD) programs, including Cybersecurity for Energy Delivery Systems (CEDS) and Defense Advanced Research Projects Agency (DARPA). Crucial documents from the National In- stitute of Standards and Technology (NIST) were also surveyed. On the academic side, the group included work from the Institute for Information Security & Privacy (IISP) and Trustworthy Cyber Infrastructure for the Power Grid (TCIPG) research consortiums. Numerous other smaller efforts were cataloged as well. Overall, the results show significant attention on the cyber security issues faced by ICS, but with a definite tendency toward near-term solutions, and less defined long-term goals, particularly in terms of needed R&D. The surveyed concepts and goals were used to develop the desired state for long-term ICS cyber security. These were complemented by concepts and frameworks previously used for ICS cyber security. The overall result was the development of a matrix of needed technical capabilities for secure and resilient ICS in the long term. Eighteen cyber security concepts (referred to as "topics" for gap analysis) were identified and sorted according to their positions in the security lifecycle (secure design, reinforced implementation, operation and deployment, or cross-cutting capabilities) and security category (protect, detect, react, or recover). For each topic, a description was provided, as well as other discussion, including a comparison to existing work. The comparisons formed the basis for the gap analysis. Some security topics, although an essential part of a desired secure ICS state in the future, have significant R&D resources alieady working to realize the goal. Others, however, are only partially addressed. Besides the severity of the R&D gap, an important consideration is that perfect security is unattainable; therefore, strong security engineering must be complemented with additional security monitoring. The final rankings for long-term R&D, including specific opportunities and challenges, along with suggestions about which group or groups should be targeted for funding opportunities, are in Chapter of the report. Some of the key results include: 1. Trusted monitors, which act as out-of-band security sentinels, and security analytics, which fuse weak indicators to detect security anomalies, have very high priority for R&D. As men- tioned previously, no system can be completely trusted (or, given the potential ramifications, even reasonably trusted); therefore, monitoring is essential. 2. Virtualization is a key capability for many aspects of ICS cyber security; potential applica- tions include training environments, pre-deployment change testing, red/blue engagement, evaluating tactics-techniques-procedures (TTPs), and others. Virtualization capability would be greatly enhanced with better support for ICS field devices (like relays, programmable logic controllers, etc.) and automated model generation from design or operational system information. 3. Field devices have unique cyber security issues, and are critical to cyber risk given their application: straddling the cyber/physical domains Addressing these issues in an organized fashion (including their virtualization) is a priority R&D gap. This is also an example where industry (particularly vendors) must complement other R&D organizations.
This paper describes methods that a distribution engineer could use to determine advanced inverter settings to improve distribution system performance. These settings are for fixed power factor, volt-var, and volt-watt functionality. Depending on the level of detail that is desired, different methods are proposed to determine single settings applicable for all advanced inverters on a feeder or unique settings for each individual inverter. Seven distinctly different utility distribution feeders are analyzed to simulate the potential benefit in terms of hosting capacity, system losses, and reactive power attained with each method to determine the advanced inverter settings.
The goal of this effort was to assess the effect of high penetration solar deployment on the small signal stability of the western North American power system (wNAPS). Small signal stability is concerned with the system response to small disturbances, where the system is operating in a linear region. The study area consisted of the region governed by the Western Electricity Coordinating Council (WECC). General Electric's Positive Sequence Load Flow software (PSLF®) was employed to simulate the power system. A resistive brake insertion was employed to stimulate the system. The data was then analyzed in MATLAB® using subspace methods (Eigensystem Realization Algorithm). Two different WECC base cases were analyzed: 2022 light spring and 2016 heavy summer. Each base case was also modified to increase the percentage of wind and solar. In order to keep power flows the same, the modified cases replaced conventional generation with renewable generation. The replacements were performed on a regional basis so that solar and wind were placed in suitable locations. The main finding was that increased renewable penetration increases the frequency of inter-area modes, with minimal impact on damping. The slight increase in mode frequency was consistent with the loss of inertia as conventional generation is replaced with wind and solar. Then, distributed control of renewable generation was assessed as a potential mitigation, along with an analysis of the impact of communications latency on the distributed control algorithms.
A central control algorithm was developed to utilize photovoltaic system advanced inverter functions, specifically fixed power factor and constant reactive power, to provide distribution system voltage regulation and to mitigate voltage regulator tap operations by using voltage measurements at the regulator. As with any centralized control strategy, the capabilities of the control require a reliable and fast communication infrastructure. These communication requirements were evaluated by varying the interval at which the controller sends dispatch commands and evaluating the effectiveness to mitigate tap operations. The control strategy was demonstrated to perform well for communication intervals faster than the delay on the voltage regulator (30 seconds). The communication reliability, latency, and bandwidth requirements were also evaluated.
The third solicitation of the California Solar Initiative (CSI) Research, Development, Demonstration and Deployment (RD&D) Program established by the California Public Utility Commission (CPUC) is supporting the Electric Power Research Institute (EPRI), National Renewable Energy Laboratory (NREL), and Sandia National Laboratories (SNL) with collaboration from Pacific Gas and Electric (PG&E), Southern California Edison (SCE), and San Diego Gas and Electric (SDG&E), in research to improve the Utility Application Review and Approval process for interconnecting distributed energy resources to the distribution system. Currently this process is the most time - consuming of any step on the path to generating power on the distribution system. This CSI RD&D solicitation three project has completed the tasks of collecting data from the three utilities, clustering feeder characteristic data to attain representative feeders, detailed modeling of 16 representative feeders, analysis of PV impacts to those feeders, refinement of current screening processes, and validation of those suggested refinements. In this report each task is summarized to produce a final summary of all components of the overall project.