Globally, a consensus seems to be emerging that the time has come to push forward with the switch from fossil fuels to renewable energy. This is good news for climate scientists, environmental activists, and everyone else concerned about climate stability (it’s also good news for manufacturers involved in the supply chains for solar panels and wind turbines).

However, it does raise some serious questions for power companies and their engineering teams. One of those questions is: How should we tie a renewable energy source with intermittent availability and variable output into transmission and distribution grids whose customers expect uninterrupted service?

Another way to state this conundrum might be: What should we do when the wind’s not blowing hard enough or the sun’s not shining at all and consumers don’t want blackouts?

A new approach to renewable energy and grid integration

One of the solutions that have been put forward involves the establishment of virtual power plants (VPPs).

VPPs are connected networks of individual energy sources that can provide extra electricity to the grid at large, when demand is surging or supply is lagging, as in the case of extreme cold snaps like those that hit Texas in February 2021. These systems are typically small in scale, below utility size, and can be formed by groups of private citizens and/or businesses. They can include conventional energy sources such as diesel generators or natural gas-fired power stations, renewable sources such as solar panels or wind turbines used to charge battery storage units or a combination of both.

The networks consist of collections of connected energy sources, each of which is capable of accessing the internet. They use special software or cloud computing services to connect these energy sources to each other and to collect data on their performance and availability of these energy sources. They also use the same solutions to maintain and operate their connections to the grid – that is, to the wider networks operated by utilities.

VPPs can strike agreements with utilities that allow them to use their grid connections to send extra power to utilities when needed. They may draw that extra power from conventional sources such as a diesel generator or from battery units charged by renewable sources such as rooftop solar panels.

Agreements of these types benefit participants in the VPP systems by giving them the means to add renewables (or otherwise make their own contributions) to the energy balance. But they can also benefit utilities experiencing unexpected fluctuations in supply and demand. They can come in handy if, for example, a local power provider finds itself struggling to meet increased demand for air conditioning during a heatwave because of an emergency outage at the gas-fired plant that supplies most of the area’s electric power.

How to protect a complex and uneven attack surface

On one level, VPPs offer an ingenious solution to the question of how to integrate renewables into the energy balance. They can help utilities use production from small-scale wind and solar generation units to minimize the impact of supply and demand fluctuations.

But on another level, VPPs present their own problems. By definition, they’re distributed systems. They include multiple generations and/or storage units in multiple locations. Their participants all connect to the same network, but their components are not interchangeable. They’re not necessarily using the same devices or the same technologies, so their equipment may not be inherently compatible.

As a result, VPPs are not easy to secure. They present a complex and uneven attack surface with many potential points of entry, and their participants may not all have the same knowledge of, or approach to, the threats facing connected systems.

But make no mistake: VPPs do have to be secured. Although they tend to have relatively small generating capacities compared to utility-scale plants, they do still contribute to the power sector, which the U.S. government has designated as a critical infrastructure system. Moreover, they are designed to provide crucial support to utility-scale power providers at times when transmission and distribution networks are under strain, and they don’t work if their connections fail.

Maximizing visibility in distributed systems

So what can you do to help secure a VPP? And by extension, what can you do to secure other types of distributed systems, such as microgrids, that bring individual actors together to support sectors with extensive operational technology (OT) networks?

The answer should involve network visibility. More specifically, it ought to involve choosing a security solution that follows best practices in visibility fabric architecture.

As we noted above, VPPs are complex by nature. They often consist of multiple unrelated (and potentially incompatible) devices, and their components are usually not located within the same facility. All the components must remain connected so that the VPP can keep track of how much power is available within the system for transfer to the grid at any point in time.

The best security solution is always one that allows you to keep track of every device and every source of activity within the system, along with every connection between devices. After all, you can’t secure what you can’t see, and that’s exactly what good visibility fabric architecture allows you to do. The deployment of network TAPs, data diodes, and packet brokers empower your security tools to monitor, manage, and direct data flows without blindspots.

This may sound complicated, but it’s the kind of challenge Garland Technology sees every day. We work with utilities and infrastructure customers that maintain complex distributed networks, and we can put our experience to work for you.

So let us help. Try joining us for a brief network Design-IT consultation or demo. No obligation – it’s what we love to do.