Nowadays companies are committed to finding solutions that strengthen industrial cybersecurity and enable operations to continue normally in response to the growing number of comparable cybersecurity incidents occurring in OT systems. We will discuss the best techniques for protecting vital infrastructure in this article, specifically the energy storage system for the renewable energy industry. When we talk about renewable energy, we frequently picture solar or wind farms that provide cleaner electricity to people all over the world. It is a great project that reduces carbon pollution while maintaining the pace of the world economy. Together, the public and private sectors are moving up to this greener future.


Energy Storage Security Challenges

 

      How Does an Energy Storage System Works (ESS)?

The electrical energy generated by a generator can be converted into a form that can be stored by an energy storage system. The rechargeable battery is a typical example of energy storage in renewable energy. The energy management system (EMS) and the power plant controller make up a typical ESS in a wind or solar farm, which monitors and regulates ESS activities in real time. The battery management system (BMS) and power conversion system (PCS) containers gather data, and these data will be aggregated by the power plant controller. Additionally, all the equipment is kept inside containers that are frequently mainly used in severe environments like the Arctic or deserts, with significant renewable energy sources like the sun and wind.


 


      Security challenges:

As was already noted, the ESS has a number of mechanisms to guarantee the stability of the entire steps of power storage and supply. The network connection between the EMS, PCS, and BMS must be secured from attacks and other unauthorized activities that might interfere with normal operations. As a result, we advise looking at the potential security concerns from two aspects:  


  • Does the access to the network security boundary appear to be authenticated and authorized, and are commands being sent correctly?
  •           Are communications at the edge secured? How well does the device protect access and communication?

 

In order for the entire system to be efficiently transported and connected to the farm and grid, these security procedures must be adapted when containers are being designed and produced at the production lines.


A Guide to Safeguarding Energy Storage Systems

 

As a way to better understand these two perspectives, we will examine the following case studies to study how both Ethernet and serial-based networks can be protected.


      Build horizontal and vertical security boundaries

With Modbus deep packet inspection (DPI) and stateful firewalls deployed in between the renewable energy system, power plant controller, power conversion system, and substation system, communication between these systems is protected.

 

Vertical protection: The firewalls serve as a crucial gatekeeper to safeguard system-to-system connectivity.

Horizontal protection: The Modbus deep packet inspection engine can analyze commands while they are being sent and discard any packets that are not listed or allowed.




As seen in the diagram, firewalls and the Modbus deep packet inspection engine create both vertical and horizontal protection. Communication at the edge is simplified by the protocol gateway.

 

Note: The installation of an all-in-one firewall/NAT/VPN/switch solution with network redundancy can support system integrators in effectively designing the network architecture before the systems are put into operation at the field site since solar or wind farms are frequently positioned in remote locations. Additionally, the NAT function can help maintain the consistency of IP addresses for the components inside each container, easing the difficulties brought on by conflicting IP addresses.




      Improve Li-ion ESS Remote Connection Security

We suggest an efficient edge connectivity solution placed in between an ESS and the control center to ensure secure and smooth communications.

 

facilitating edge communication: Utilize protocol gateways to provide smooth communication between Ethernet-based RTUs and batteries with Modbus serial interfaces.

Communication security: Ensure that the communication and access to the device are properly secured by utilizing security features such as HTTPS, SNMPv3 management, and Accessible IP Addresses. This will minimize risks while also increasing the dependability of remote connections.


Note: You must be aware of a number of operational factors to guarantee the ESS runs without a hassle. The control center should continuously monitor data including battery level, power stability, and environmental factors. Operators can gather data from a range of serial-based field devices and seamlessly integrate it into Ethernet-based systems with the help of a protocol gateway that offers simple-to-use setup options. Additionally, secure-hardened protocol gateways with built-in security features and a step-by-step security guide can improve the security of your device without any kind of effort.

 

Customers all across the world have benefited from Moxa's services in creating secure networks and communication.


Conclusions


In response to the goal of increasing the renewables and maintaining the power supplies, an energy storage system (ESS) that is safe and dependable can significantly increase the electrical capacity of the renewable energy sector. An ESS is crucial for maintaining the safety of critical infrastructure. We suggest and encourage safeguarding the network and communications by specifying the network security boundaries to control who can access a network and what data they may transfer over it.  Moreover, it is crucial to guarantee the security of communications between the devices that link the batteries and sensors within the containers in order to increase the dependability of the power storage and management system.

 

To achieve all of these for your ESS applications, Moxa's MGate Series protocol gateways provide a wide range of protocol conversion solutions. When connecting critical field data to IP networks, these protocol gateways, which are based on the IEC 62443 standard, will increase the security of your equipment and connectivity. Also, Moxa's MGate gateways come with simple and clear setup and troubleshooting tools, which simplifies and speeds device deployment and helps to ease the maintenance procedures for engineers.

 

Moxa's EDR-G9010 series of industrial multi-port secure routers help to improve cybersecurity by limiting lateral (east-west) transmission of dangerous or unauthorized traffic in addition to providing boundary protection. these series of multiport industrial secure routers, which has a deep packet inspect the engine, can identify industrial protocols such as Modbus TCP/UDP and DNP3 traffic to secure connection between the ESS and substation.


Easy World's Moxa's official distributor in the Middle East. For any further information please contact us via sales@eworldme.com.