Playing electrical Russian roulette

Canadian Industrial IoT Cybersecurity Standards aim to unify device security for utilities, smart grids, SCADA, and OT systems, aligning with NERC CIP, enabling certification, trust marks, compliance testing, and safer energy sector deployments.

Key Points

National standards to secure industrial IoT for utilities and grids, enabling certification and NERC CIP alignment.

✅ Aligns with NERC CIP and NIST frameworks for energy sector security

✅ Defines certification, testing tools, and a trusted device repository

✅ Enhances OT, SCADA, and smart grid resilience against cyber threats

The Canadian energy sector has been buying Internet-connected sensors for monitoring a range of activities in generating plants, distribution networks facing harsh weather risks and home smart meters for several years. However, so far industrial IoT device makers have been creating their own security standards for devices, leaving energy producers and utilities at their mercy.

The industry hopes to change that by creating national cybersecurity standards for industrial IoT devices, with the goal of improving its ability to predict, prevent, respond to and recover from cyber threats, such as emerging ransomware attacks across the grid.

To help, the federal government today announced an $818,000 grant support a CIO Strategy Council project oversee the setting of standards.

In an interview council executive director Keith Jansa said the money will help a three-year effort that will include holding a set of cross-country meetings with industry, government, academics and interest groups to create the standards, tools to be able to test devices against the standards and the development of product repository of IoT safe devices companies can consult before making purchases.

“The challenge is there are a number of these devices that will be coming online over the next few years,” Jansa said. “IoT devices are designed for convenience and not for security, so how do you ensure that a technology an electricity utility secures is in fact safeguarded against cyber threats? Currently, there is no associated trust mark or certification that gives confidence associated with these devices.”

He also said the council will work with the North American Electric Reliability Corporation (NERC), which sets North American-wide utility safety procedural standards and informs efforts on protecting the power grid across jurisdictions. The industrial IoT standards will be product standards.

According to Robert Wong, vice-president and CIO of Toronto Hydro, all the big provincial utilities are subject to adhering to NERC CIP standards which have requirements for both cyber and physical security. Ontario is different from most provinces in that it has local distribution companies — like Toronto Hydro — which buy electricity in bulk and resell it to customers.  These LDCs don’t own or operate critical infrastructure and therefore don’t have to follow the NERC CIP standards.

Regional reforms, such as regulatory changes in Atlantic Canada, aim to bring greener power options to the grid.

Electricity is considered around the world as one of a country’s critical national infrastructure. Threats to the grid can be used for ransom or by a country for political pressure. Ukraine had its power network knocked offline in 2015 and 2016 by what were believed to be Russian-linked attackers operating against utilities.

All the big provincial utilities operate “critical infrastructure” and are subject to adhering to NERC CIP (critical infrastructure protection) standards, which have requirements for both cyber and physical security, as similar compromises at U.S. electric utilities have highlighted recently.  There are audited on a regular basis for compliance and can face hefty fines if they fail to meet the requirements.  The LDCs in Ontario don’t own or operate “critical infrastructure” and therefore are not required to adopt NERC CIP standards (at least for now).

The CIO Strategy Council is a forum for chief information officers that is helping set standards in a number of areas. In January it announced a partnership with the Internet Society’s Canada Chapter to create standards of practice for IoT security for consumer devices. As part of the federal government’s updated national cybersecurity strategy it is also developing a national cybersecurity standard for small and medium-sized businesses. That strategy would allow SMBs to advertise to customers that they meet minimum security requirements.

“The security of Canadians and our critical infrastructure is paramount,” federal minister of natural resources Seamus O’Regan said in a statement with today’s announcement. “Cyber attacks are becoming more common and dangerous. That’s why we are supporting this innovative project to protect the Canadian electricity sector.”

The announcement was welcomed by Robert Wong, Toronto Hydro’s vice-president and CIO. “Any additional investment towards strengthening the safeguards against cyberattacks to Canada’s critical infrastructure is definitely good news.  From the perspective of the electricity sector, the convergence of IT and OT (operational technology) has been happening for some time now as the traditional electricity grid has been transforming into a Smart Grid with the introduction of smart meters, SCADA systems, electronic sensors and monitors, smart relays, intelligent automated switching capabilities, distributed energy resources, and storage technologies (batteries, flywheels, compressed air, etc.).

“In my experience, many OT device and system manufacturers and vendors are still lagging the traditional IT vendors in incorporating Security by Design philosophies and effective security features into their products.  This, in turn, creates greater risks and challenges for utilities to protecting their critical infrastructures and ensuring a reliable supply of electricity to its customers.”

The Ontario Energy Board, which regulates the industry in the province, has led an initiative for all utilities to adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework, along with the ES-C2M2 maturity and Privacy By Design models, he noted.  Toronto Hydro has been managing its cybersecurity practice in adherence to these standards, as the city addresses growing electricity needs as well, he said.

“Other jurisdictions, such as Israel, have invested heavily on a national level in developing its cybersecurity capabilities and are seen as global leaders.  I am confident that given the availability of talent, capabilities and resources in Canada (especially around the GTA) if we get strong support and leadership at a federal level we can also emerge as a leader in this area as well.”

Related News

• Electricity Forum News

• Grid Technologies News

Nordic Power Grid Dispute highlights cross-border interconnector congestion, curtailed exports and imports, hydropower priorities, winter demand spikes, rising spot prices, and transmission grid security amid decarbonization efforts across Sweden, Norway, Finland, and Denmark.

Key Points

A clash over interconnectors and capacity cuts reshaping trade, prices, and reliability in the Nordic power market.

✅ Sweden cuts interconnector capacity to protect grid stability

✅ Norway prioritizes higher-priced exports via new cables

✅ Finland and Denmark seek EU action on capacity curtailments

A spat over electricity supplies is heating up in northern Europe. Sweden is blocking Norway from using its grids to transfer power from producers throughout the region. That’s angered Norway, which in turn has cut flows to its Nordic neighbor.

The dispute has built up around the use of cross-border power cables, which are a key part of Europe’s plans to decarbonize since they give adjacent countries access to low-carbon resources such as wind or hydropower. The electricity flows to wherever prices are higher, informed by how electricity is priced across Europe, without interference from grid operators -- but in the event of a supply squeeze, flows can be stopped.

Sweden moved to safeguard the security of its grid after Norway started increasing electricity exports through huge new cables to Germany and the U.K. Those exports at times have drawn energy away from Sweden, resulting in the country’s system operator cutting capacity at its Nordic borders, preventing exports but also hindering imports, which it relies on to handle demand spikes during winter.

“This is not a good situation in the long run,” Christian Holtz, a energy market consultant for Merlin & Metis AB.

Norway hit back last week by cutting flows to Sweden, this will prioritize better paying customers in Europe, amid Irish price spikes that highlight dispatchable shortages, giving them access to its vast hydro resources at the expense of its Nordic neighbors. 

By partially closing its borders Sweden can’t access imports either, which it relies on to handle demand spikes during the coldest days of the winter. 

In Denmark, unusual summer and autumn winds have at times delivered extraordinarily low electricity prices that ripple through regional markets.

The Swedish grid manager Svenska Kraftnat has reduced export capacity at cables across its borders by as much as half this year to keep operations secure. Finland and Denmark rely on imports too and the cuts will come at a cost for millions of homes and industries across the four nations already contending with record electricity rates this year. 

Finland and Denmark want the European Union to end the exemption to regulations that make such reductions possible in the first place, as Europe is losing nuclear power and facing tighter supply.

“Imports from our neighboring countries ensure adequacy at times of peak consumption,” said Reima Paivinen, head of operation at the Finland’s Fingrid. “The recent surge in electricity prices throughout Europe does not directly affect the adequacy of electricity, but prices may rise dramatically for short periods.”

Svenska Kraftnat says it’s not political -- it has no choice but to cut capacity until its old grids are expanded to handle the new direction of flows, a challenge mirrored by grid expansion woes in Germany that slow integration. That could take at least until 2030 to complete, it said earlier this year. At the same time, Norway halving available export capacity to about 1,200 megawatts will increase risk of shortages. 

“If we need more we will have to count on imports from other countries,” said Erik Ek, head of strategic operation at Svenska Kraftnat. “If that is not available, we will have to disconnect users the day it gets cold.”

Related News

• Electricity Forum News

• Grid Technologies News

Puerto Rico Power Restoration advances as PREPA, FEMA, and the Army Corps rebuild the grid after Hurricane Maria; 75% of customers powered, amid privatization debate, Whitefish contract fallout, and a continuing island-wide boil-water advisory.

Key Points

Effort to rebuild Puerto Rico's grid and restore power, led by PREPA with FEMA support after Hurricane Maria.

✅ 75.35% of customers have power; 90.8% grid generating

✅ PREPA, FEMA, and Army Corps lead restoration work

✅ Privatization debate, Whitefish contract scrutiny

Nearly six months after Hurricane Maria decimated Puerto Rico, the island's electricity has been restored to 75 percent capacity, according to its utility company, a contrast to California power shutdowns implemented for different reasons.

The Puerto Rico Electric Power Authority said Sunday that 75.35 percent of customers now have electricity. It added that 90.8 percent of the electrical grid, already anemic even before the Sept. 20 storm barrelled through the island, is generating power again, though demand dynamics can vary widely as seen in Spain's power demand during lockdowns.

Thousands of power restoration personnel made up of the Puerto Rico Electric Power Authority (PREPA), the Federal Emergency Management Agency (FEMA), industry workers from the mainland, and the Army Corps of Engineers have made marked progress in recent weeks, even as California power shutoffs highlight grid risks elsewhere.

Despite this, 65 people in shelters and an island-wide boil water advisory is still in effect even though almost 100 percent of Puerto Ricans have access to drinking water, local government records show.

The issue of power became controversial after Puerto Rico Gov. Ricardo Rossello recently announced plans to privatize PREPA after it chose to allocate a $300 million power restoration contract to Whitefish, a Montana-based company with only a few staffers, rather than put it through the mutual-aid network of public utilities usually called upon to coordinate power restoration after major disasters, and unlike investor-owned utilities overseen by regulators such as the Florida PSC on the mainland.

That contract was nixed and Whitefish stopped working in Puerto Rico after FEMA raised "significant concerns" over the procurement process, scrutiny mirrored by the fallout from Taiwan's widespread outage where the economic minister resigned.

Related News

• Electricity Forum News

• Utility Operations News

Russian Utility Grid Cyberattacks reveal DHS findings on Dragonfly/Energetic Bear breaching control rooms and ICS/SCADA via vendor supply-chain spear-phishing, threatening blackouts and critical infrastructure across U.S. power utilities through stolen credentials and reconnaissance.

Key Points

State-backed ops breaching utilities via vendors to reach ICS/SCADA, risking grid disruption and control-room access.

✅ Spear-phishing and watering-hole attacks on vendor networks

✅ Stolen credentials used to reach isolated ICS/SCADA

✅ Potential to trigger localized blackouts and service disruptions

Hackers working for Russia were able to gain access to the control rooms of US electric utilities last year, allowing them to cause blackouts, federal officials tell the Wall Street Journal.

The hackers -- working for a state-sponsored group previously identified as Dragonfly or Energetic Bear -- broke into utilities' isolated networks by hacking networks belonging to third-party vendors that had relationships with the power companies, the Department of Homeland Security said in a press briefing on Monday.

Officials said the campaign had claimed hundreds of victims and is likely continuing, the Journal reported.

"They got to the point where they could have thrown switches" to disrupt the flow power, Jonathan Homer, chief of industrial-control-system analysis for DHS, told the Journal.

"While hundreds of energy and non-energy companies were targeted, the incident where they gained access to the industrial control system was a very small generation asset that would not have had any impact on the larger grid if taken offline," the DHS said in a statement Tuesday. "Over the course of the past year as we continued to investigate the activity, we learned additional information which would be helpful to industry in defending against this threat."

Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years due to their ability to cause immediate chaos, whether it's starting a blackout or blocking traffic signals. These systems are often vulnerable because of antiquated software and the high costs of upgrading infrastructure.

The report comes amid heightened tension between Russia and the US over cybersecurity, alongside US condemnation of power grid hacking in recent months. Earlier this month, US special counsel Robert Mueller filed charges against 12 Russian hackers tied to cyberattacks on the Democratic National Committee.

Hackers compromised US power utility companies' corporate networks with conventional approaches, such as spear-phishing emails and watering-hole attacks as seen in breaches at power plants across the US that target a specific group of users by infecting websites they're known to visit, the newspaper reported. After gaining access to vendor networks, hackers turned their attention to stealing credentials for access to the utility networks and familiarizing themselves with facility operations, officials said, according to the Journal.

Homeland Security didn't identify the victims, the newspaper reports, adding that some companies may not know they had been compromised because the attacks used legitimate credentials to gain access to the networks.

Cyberattacks on electrical systems aren't an academic matter. In 2016, Ukraine's grid was disrupted by cyberattacks attributed to Russia, which is engaged in territorial disputes with the country over eastern Ukraine and the Crimean peninsula. Russia has denied any involvement in targeting critical infrastructure.

President Donald Trump signed an executive order in May designed to bolster the United States' cybersecurity by protecting federal networks, critical infrastructure and the public online. One section of the order focuses on protecting the grid like electricity and water, as well as financial, health care and telecommunications systems.

The Department of Homeland Security didn't respond to a request for comment.

Related News

• Electricity Forum News

• Grid Technologies News

Hydrogen Energy Transition accelerates green hydrogen, electrolyzers, renewables, and fuel cells, as the EU and US scale decarbonization, NextEra tests hydrogen-to-power, and DOE funds pilots to replace natural gas and cut CO2.

Key Points

A shift to deploy green hydrogen tech to decarbonize power, industry, and transport across EU and US energy systems.

✅ EU targets 40 GW electrolyzers plus 40 GW imports by 2030

✅ DOE funds pilots; NextEra trials hydrogen-to-power at Okeechobee

✅ Aims to replace natural gas, enable fuel cells, cut CO2

Last month, the European Union set out a comprehensive hydrogen strategy as part of its goal to achieve carbon neutrality for all its industries by 2050. The EU has an ambitious target to build out at least 40 gigawatts of electrolyzers within its borders by 2030 and also support the development of another 40 gigawatts of green hydrogen in nearby countries that can export to the region by the same date. The announcement came as little surprise, given that Europe is regarded as being far ahead of the United States in the shift to renewable energy, even as it looks to catch up on fuel cells with Asian leaders today.

But the hydrogen bug has finally arrived stateside: The U.S. Department of Energy has unveiled the H2@Scale initiative whereby a handful of companies including Cummins Inc. (NYSE: CMI), Caterpillar Inc.(NYSE: CAT), 3M Company (NYSE: MMM), Plug Power Inc.(NASDAQ: PLUG) and EV startup Nikola Corp.(NASDAQ: NKLA), even as the industry faces threats to the EV boom that investors are watching, will receive $64 million in government funding for hydrogen research projects.

Hot on the heels of the DoE initiative: American electric utility and renewable energy giant, NextEra Energy Inc.(NYSE: NEE), has unveiled an equally ambitious plan to start replacing its natural gas-powered plants with hydrogen.

During its latest earnings call, NextEra’s CFO Rebecca Kujawa said the company is “…particularly excited about the long-term potential of hydrogen” and discussed plans to start a pilot hydrogen project at one of its generating stations at Okeechobee Clean Energy Center owned by its subsidiary, Florida Power & Light (FPL). NextEra reported Q2 revenue of $4.2B (-15.5% Y/Y), which fell short of Wall Street’s consensus by $1.12B while GAAP EPS of $2.59 (+1.1% Y/Y) beat estimates by $0.09. The company attributed the big revenue slump to the effects of Covid-19.

Renewable energy and hydrogen stocks have lately become hot property as EV adoption hits an inflection point worldwide, with NEE up 16% in the year-to-date; PLUG +144%, Bloom Energy Corp. (NYSE: BE) +62.8% while Ballard Power Systems (NASDAQ: BLDP) has gained 98.2% over the timeframe.

NextEra’s usual modus operandi involves conducting small experiments with new technologies to establish their cost-effectiveness, a pragmatic approach informed by how electricity changed in 2021 across the grid, before going big if the trials are successful.

CFO Kujawa told analysts:
“Based on our ongoing analysis of the long-term potential of low-cost renewables, we remain confident as ever that wind, solar, and battery storage will be hugely disruptive to the country’s existing generation fleet, while reducing cost for customers and helping to achieve future CO2 emissions reductions. However, to achieve an emissions-free future, we believe that other technologies will be necessary, and we are particularly excited about the long-term potential of hydrogen.”

NextEra plans to test the electricity-to-hydrogen-to-electricity model at its natural gas-powered Okeechobee Clean Energy Center that came online in 2019. Okeechobee is already regarded as one of the cleanest thermal energy facilities anywhere on the globe. However, replacing natural gas with zero emissions hydrogen would be a significant step in helping the company achieve its goal to become 100% emissions-free by 2050.

Kujawa said the company plans to continue evaluating other potential hydrogen opportunities to accelerate the decarbonization of transportation fuel, amid the debate over the future of vehicles between electricity and hydrogen, and industrial feedstock and also support future demand for low-cost renewables.

Another critical milestone: NextEra finished the quarter with a renewables backlog of approximately 14,400 megawatts, its largest in its 20-year development history. To put that backlog into context, NextEra revealed that it is larger than the operating wind and solar portfolios of all but two companies in the world.

Hydrogen Bubble?
That said, not everybody is buying the hydrogen hype.

Barron’s Bill Apton says Wall Street has discovered hydrogen this year and that hydrogen stocks are a bubble, even as hybrid vehicles gain momentum in the U.S. market according to recent reports. Apton says the huge runup by Plug Power, Ballard Energy, and Bloom Energy has left them trading at more than 50x future cash flow, making it hard for them to grow into their steep valuations. He notes that smaller hydrogen companies are up against big players and deep-pocketed manufacturers, including government-backed rivals in China and the likes of Cummins.

According to Apton, it could take a decade or more before environmentally-friendly hydrogen can become competitive with natural gas on a cost-basis, while new ideas like flow battery cars also vie for attention, making hydrogen stocks better long-term picks than the cult stocks they have become.

Related News

• Electricity Forum News

• EV Infrastructure News

Nova Scotia Power solar charge proposes an $8/kW monthly system access fee on net metering customers, citing grid costs. UARB review, carbon credits, rate hikes, and solar industry impacts fuel political and consumer backlash.

Key Points

A proposed $8/kW monthly grid access fee on net metered solar customers, delayed to Feb 1, 2023, pending UARB review.

✅ $8/kW monthly system access fee on net metering

✅ Delay to Feb 1, 2023 after industry and political pushback

✅ UARB review; debate over grid costs and carbon credits

Nova Scotia Power has pushed back by a year the start date of a proposed new charge for customers who generate electricity and sell it back to the grid, following days of concern from the solar industry and politicians worried that it will damage the sector.

The company applied to the Nova Scotia Utility and Review Board (UARB) last week for various changes, including a "system access charge" of $8 per kilowatt monthly on net metered installations, and the province cannot order the utility to lower rates under current law. The vast majority of the province's 4,100 net metering customers are residential customers with solar power, according to the application. 

The proposed charge would have come into effect Tuesday if approved, but Nova Scotia Power said in a news release Tuesday it will change the date in its filing from Feb. 1, 2022, to Feb. 1, 2023.

"We understand that the solar industry was taken off guard," utility CEO Peter Gregg said in an interview.

"There could have been an opportunity to have more conversations in advance."

Gregg said the utility will meet with members of the solar industry over the next year to work on finding solutions that support the sector's growth, while addressing what NSP sees as an inequity in the net metering system.

NSP recognized that customers who choose solar invest a significant amount and pay for the electricity they use, but they don't pay for costs associated with accessing the electrical grid when they need energy, such as on cold winter evenings when the sun is not shining.

"I know that's hit a nerve, but it doesn't take away the fact that it is an issue," Gregg said.

He said this is an issue utilities are navigating around North America, where seasonal rate designs have sparked consumer backlash in New Brunswick, and NSP is open to hearing ideas for other models of charges or fees.

The utility's suggested system access charge closely resembles one proposed in California, which has also raised major concerns from the solar industry and been criticized by the likes of Elon Musk, and has parallels to Massachusetts solar demand charges as well.

Although the "solar profile" of Nova Scotia and California is very different, with far more solar customers in that state, and in other provinces such as Saskatchewan, NDP criticism of 8% hikes has intensified affordability debates, Gregg said the fundamental issues are the same.

For those with a typical 10-kilowatt solar system, which generates around $1,800 of electricity a year, the new charge would mean those customers would be required to pay $960 back to NSP. That would roughly double the length of time it takes for those customers to pay off their investment for the panels.

David Brushett, chair of Solar Nova Scotia, said he relayed concerns from solar installers and others in the industry to Gregg on Monday. 

Brushett said the year delay is a positive first step, but he is still calling on the province to take a strong stance against the application, which has led to customers cancelling their panel installations and companies considering layoffs.

"There's still an urgency to this situation that hasn't been addressed, and we need to kind of protect the industry," he said Tuesday.

NSP's original application proposed exempting net metering customers who enrolled before Feb. 1, 2022, from the charge for 25 years after they sign up. But any benefit would be lost if those customers sold their home, and the exemption wouldn't extend to the new buyers, said Brushett.

Carbon offsets missing from equation: industry
Brushett said NSP "completely ignored" the fact that it's getting free carbon offset credits from homeowners who use solar energy under the provincial cap and trade program.

If the net metering system continues as is, NSP has said non-solar customers would pay about $55 million between now and 2030. That number assumes about 2,000 people sign up for net metering each year over the next nine years.

When asked whether those carbon emission credits were factored into the calculations for the proposed charge, Gregg said, "I don't believe in the current structure it is, but it's something that certainly we'd be open to hearing about."

Brushett said his group is finalizing a legal response to NSP's proposal and has already filed an official complaint against the company with the UARB.

Base charge on actual electrical output: customer
At least one shareholder in NSP parent company Emera is considering selling his shares in response to the application.

Joe Hood, a shareholder from Middle Sackville, said the proposed charge won't apply to his existing 11.16-kilowatt solar system, but if it did, it would cost him $1,071 a year.

"I am offended that a company I would invest in would do this to the solar industry in Nova Scotia," he said.

According to his meter, Hood said he pushed 9,600 kilowatt hours of solar electricity to the grid last year— some only for a brief period, and all of which was used by his home by the end of the year.

Under the proposed charge, someone with one solar panel who goes away on vacation in the summer would push all their electricity to the grid, and be charged far less than someone with 10 panels who has used all their own power and hasn't pushed anything.

"Nova Scotia Power's argument is that it's an issue with the grid. Well, then it should be based on what touches the grid," Hood said.

Far from actually making the system fair for everyone, Hood said this charge places solar only in the hands of the super-rich or NSP, with projects like its community solar gardens in Amherst, N.S.

Green Party suggests legislation update
Nova Scotia's Green Party also said Tuesday that Gregg's arguments of fairness are misleading, echoing earlier premier opposition to a 14% hike on rates.

The party is calling for an update to the Electricity Act that would "prevent penalizing any activity that helps Nova Scotia reach its emissions target," aligning with calls to make the electricity system more accountable to residents.

In its application, NSP has also asked to increase electricity rates for residential customers by at least 10 per cent over the next three years, amid debate that culminated in a 14% rate hike approval by regulators. 

The company wants to maintain its nine per cent rate of return.

NSP expects to earn $153 million this year, $192 million in 2023, and $213 million in 2024 from its rate of return. 

Related News

• Electricity Forum News

• Renewable Energy News