A group of Russian-sponsored hackers has been targeting U.S. critical infrastructure since 2016, according to U.S. officials. (Image credit: Forest9)

Related Articles

• • Solar plant owners urged to include cyber security in O&M contracts
  • E.ON clusters US renewables operations to tap new growth markets
  • US solar battery groups focus on system design as demand soars
  • Data center demand juggernaut creates new solar, wind openings

Russian hackers penetrate US power control rooms through suppliers

Russian hackers gained access to the control rooms of U.S. electric utilities by first penetrating the networks of suppliers who had trusted relationships with the power companies, the Wall Street Journal reported July 23, citing officials at the Department of Homeland Security (DHS).

The hackers got to the point where they could have "thrown switches” and disrupted power flows, Jonathan Homer, chief of industrial-control-system analysis at DHS, reportedly said. The cyber attackers claimed “hundreds of victims” last year, according to DHS officials.

The comments show federal officials are looking to increase the awareness of cyber security threats.

Since March 2016, Russian government hackers have targeted multiple U.S. government and critical infrastructure facilities including nuclear power systems, the U.S. Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) said in March.

The coordinated attack was carried out by a group known as Dragonfly.

According to Homer, the hackers exploited special relationships between utilities and vendors with special access to update software and run equipment diagnostics.

The attackers used conventional techniques such as spearfishing emails and watering hole attacks to compromise the networks of suppliers. This allowed them to gain access to utility networks, Homer said, confirming information provided by the DHS and FBI in March.

Electricity generators and grid operators are placing an increasing emphasis on cyber security as plants become more integrated with grid services and the internet.

Solar plant owners should use a combination of proactive measures during the construction phase, employee awareness strategies and effective system updates, to reduce cyber security risks cost-effectively, Jon Franzino, Director of Grid Security at Grid Subject Matter Experts (GridSME), told the New Energy Update PV O&M USA conference in November.

"Cyber security is not a one and done static thing...You have to get up in front of it and then you have to give it the care and...update it," he said.

Solar plant owners should look to implement cyber security management into operations and maintenance (O&M) contracts, for example detailing the installation of patches against the latest threats, Franzino said.

"I have yet to see an O&M contract that addressed network management or network security in any way shape or form...that's actually a huge gap right now," he said.

DHS is currently investigating whether the hackers are automating their attacks, which could lead to larger-scale operations.

The DHS' National Cybersecurity & Communications Integration Center (NCCIC) will conduct a series of webinars between July 23 and August 1, to discuss recent cyber activity against critical infrastructure and mitigation techniques.

Quinbrook plans giant 690 MW PV plant near Las Vegas

Quinbrook Infrastructure Partners plans to build a 690 MW solar PV plant in Nevada and the plant may incorporate energy storage, the company announced July 16.

The project would be located 25 miles north east of the Las Vegas Strip on land managed by the Bureau of Land Management (BLM).

The project proposal features "options to include batteries," Quinbrook said in a statement.

Plant construction would consist of two phases. The first 440 MW phase would connect to NV Energy's Crystal Substation via a 230kV AC interconnection and generate renewable power for the local Nevada NVE energy grid. The second 250 MW phase would connect to the South Crystal Substation via a 525kv interconnection, capable of serving power users in California, Nevada, and Arizona. 

Quinbrook would fund the project and the final development and construction stages would be managed by Arevia Power.

The BLM is currently performing an environmental review of the proposed site and is expected to make a decision by July 2019, Quinbrook said.

Construction is expected to begin in the third quarter of 2019, it said.

Facebook signs 437 MW solar deal in Oregon

Facebook and Pacific Power have agreed to build 437 MW of new solar power in Oregon, the companies announced July 18.

The new solar projects will include two plants of 100 MW to supply Facebook’s Prineville data center, the companies said.

"This collaboration helps fuel Prineville’s growing data center industry, supports the city’s economic growth, and brings new cost-effective resources onto Pacific Power’s system," the power company said in a statement.

Falling solar and wind prices and green energy initiatives have boosted demand for long-term corporate renewable power purchase agreements (PPAs). Growth has been spearheaded by global technology groups seeking to cover rising power demand from data centers.

                Forecast electricity demand for data centers

                                               (Click image to enlarge)

Source: 2017 paper "Total consumer power consumption forecast" by Anders Andrae, Huawei.

Large tech companies are pioneering new PPA structures and green tariff solutions to support renewable energy projects.

Companies like Facebook and Microsoft are acting as "anchors" for renewable PPAs, lowering risk for smaller counterparties.

In May, Facebook announced it would build a 970,000 square-foot data center in Utah powered by a new green tariff it developed with Rocky Mountain Power (RMP). The move shows how large companies are able to use purchasing power and the promise of job creation to advance tariff regulations.

New Energy Update