Current methods for controlling physical access to cyber systems in wind, solar, and energy storage facilities often rely on padlocks and combination locks installed on vehicle access gates. In theory, when keys are lost, locks are re-keyed or replaced and lock combinations are frequently changed but in practice, frequent personnel changes, pressure to keep operating costs low, and remote locations all combine to create vulnerabilities. Many of these facilities are located in isolated areas and do not have sophisticated HID badge-based access systems, intrusion detection or video monitoring leaving them susceptible to intrusion. Within most of these facilities are communications and control equipment that could be accessed by bad actors seeking to disrupt operations, damage equipment or cause financial harm through cyber system attacks. Upcoming requirements from the North American Electric Reliability Council (NERC) for controlling physical access to cyber systems will apply to many renewable energy and energy storage facilities whose owners and operators must rethink their approach to controlling access or be subject to fines.
Beginning in 2020, owners and operators of low impact BES facilities must control physical access to cyber systems. Current practices using padlocks and combination locks to lock access gates are not likely to meet NERC’s new requirements. Three particular areas of concern include:
Owners of solar, wind and energy storage projects of capacity greater than 75-MW that are connected to the bulk electric system at a voltage at or above 100-kV, must be able to demonstrate control of physical access to cyber systems including: network switches, gateways and routers, SCADA system human-machine interfaces, intelligent electrical devices, inverter controllers, and related equipment that could be used to gain access to communications and control networks. Entities are required to control physical access, based on need, which means:
As with all low impact requirements, the NERC Standard Requirement only dictates “what” an entity needs to do and does not provide any details on “how” they should meet the requirements. Whether a requirement is sufficiently met is only determined during a NERC audit. Experts in NERC compliance have reviewed the new requirements and offer this opinion of what could be seen as an acceptable solution to NERC auditors.
Youtech US Inc’s Smart Lock technology is a system of keyless locks, digital smart keys, and management applications that allows the control of access to facilities, premises and equipment containing cyber systems: The solution consists of:
When properly installed on site access gates, control rooms and buildings, and cabinets, enclosures and panels containing cyber systems, the Youtech Smart Lock System provides a level of cyber asset protection much greater than contemporary methods. The Smart Lock System’s ability to dynamically grant and revoke permissions based on business need and track and record operations allows facility owner/operators to rigorously control physical access to facilities containing cyber systems.
Looking beyond the requirements of NERC, all energy facility owners and operators should be rigorously managing access to their sites, the equipment therein and especially cabinets, enclosures and buildings containing cyber systems. Owners and operators of small roof-top solar, community scale solar, customer-owned battery energy storage and related facilities contain cyber systems that could be subject to access by actors seeking to cause financial or other harm.
The Youtech Smart Lock system provides rigorous control of physical access to facilities containing cyber systems. Owners and operators of low-impact bulk electric system facilities, including solar, wind and energy storage facilities, can greatly enhance security at a level of cost and complexity much lower than badge-based access control systems. Key benefits of the solution include:
For a fraction of the cost of a typical HID badge system, and the same robustness of a lock-and-key system, entities using the Smart Lock technology can reap the following security and compliance benefits:
For more information
Contact: Youtech US, Inc (916) 293-3283 email@example.com