UK Electricity prices hit 10-year high as cheap wind power wanes

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

Smart solar inverters anchor DER communications and control, meeting IEEE 1547 and California Rule 21 for volt/VAR, reactive power, and ride-through, expanding hosting capacity and enabling grid services via secure real-time telemetry and commands.

Key Points

Smart solar inverters use IEEE 1547, volt/VAR and reactive power to stabilize circuits and integrate DER safely.

✅ Meet IEEE 1547, Rule 21 ride-through and volt/VAR functions

✅ Support reactive power to manage voltage and hosting capacity

✅ Enable utility communications, telemetry, and grid services

Advanced solar inverters could be one of the biggest distributed energy resource communications and control points out there someday. With California now requiring at least early-stage “smart” capabilities from all new solar projects — and a standards road map for next-stage efforts like real-time communications and active controls — this future now has a template.

There are still a lot of unanswered questions about how smart inverters will be used.

That was the consensus at Intersolar this week, where experts discussed the latest developments on the U.S. smart solar inverter front. After years of pilot projects, multi-stakeholder technical working groups, and slow and steady standards development, solar smart inverters are finally starting to hit the market en masse — even if it’s not yet clear just what will be done with them once they’re installed.

“From the technical perspective, the standards are firm,” Roger Salas, distribution engineering manager for Southern California Edison, said. In September of last year, his utility started requiring that all new solar installations come with “Phase 1" advanced inverter functionality, as defined under the state’s Rule 21.

Later this month, it’s going to start requiring “reactive power priority” for these inverters, and in February 2019, it’s going to start requiring that inverters support the communications capabilities described in “Phase 2,” as well as some more advanced “Phase 3” capabilities.

Increasing hosting capacity: A win-win for solar and utilities

Each of these phases aligns with a different value proposition for smart inverters. The first phase is largely preventative, aimed at solving the kinds of problems that have forced costly upgrades to how inverters operate in solar-heavy Germany and Hawaii.

The key standard in question in the U.S. is IEEE 1547, which sets the rules for what grid-connected DERs must do to stay safe, such as trip offline when the grid goes down, or avoid overloading local transformers or circuits.

The old version of the standard, however, had a lot of restrictive rules on tripping off during relatively common voltage excursions, which could cause real problems on circuits with a lot of solar dropping off all at once.

Phase 1 implementation of IEEE 1547 is all about removing these barriers, Salas said. “They need to be stable, they need to be connected, they need to be able to support the grid.”

This should increase hosting capacity on circuits that would have otherwise been constrained by these unwelcome behaviors, he said.

Reactive power: Where utility and solar imperatives collide

The old versions of IEEE 1547 also didn’t provide rules for how inverters could use one of their more flexible capabilities: the ability to inject or absorb reactive power to mitigate voltage fluctuations, including those that may be caused by the PV itself. The new version opens up this capability, which could allow for an active application of reactive power to further increase hosting capacity, as well as solve other grid edge challenges for utilities.

But where utilities see opportunity, the solar industry sees a threat. Every unit of reactive power comes at the cost of a reduction in the real power output of solar inverters — and almost every solar installation out there is paid based on the real power it produces.

“If you’re tasked to do things that rob your energy sales, that will reduce compensation,” noted Ric O'Connell, executive director of the Oakland, Calif.-based GridLab. “And a lot of systems have third-party owners — the Sunruns, the Teslas — with growing Powerwall fleets — that have contracts, performance guarantees, and they want to get those financed. It’s harder to do that if there’s uncertainty in the future with curtailment."

“That’s the bottleneck right now,” said Daniel Munoz-Alvarez, a GTM Research grid edge analyst. “As we develop markets on the retail end for ...volt/VAR control to be compensated on the grid edge and that is compensated back to the customer, then the customer will be more willing to allow the utility to control their smart inverters or to allow some automation.”

But first, he said, “We need some agreed-upon functions.”

The future: Communications, controls and DER integration

The next stage of smart inverter functionality is establishing communications with the utility. After that, utilities will be able use them to monitor key DER data, or issue disconnect and reconnect commands in emergencies, as well as actively orchestrate other utility devices and systems through emerging virtual power plant strategies across their service areas.

This last area is where Salas sees the greatest opportunity to putting mass-market smart solar inverters to use. “If you want to maximize the DERs and what they can do, the need information from the grid. And DERs provide operational and capability information to the utility.”

Inverter makers have already been forced by California to enable the latest IEEE 1547 capabilities into their existing controls systems — but they are clearly embracing the role that their devices can play on the grid as well. Microinverter maker Enphase leveraged its work in Hawaii into a grid services business, seeking to provide data to utilities where they already had a significant number of installations. While Enphase has since scaled back dramatically, its main rival SolarEdge has taken up the same challenge, launching its own grid services arm earlier this summer.

Inverters have been technically capable of doing most of these things for a long time. But utilities and regulators have been waiting for the completion of IEEE 1547 to move forward decisively. Patrick Dalton, senior engineer for Xcel Energy, said his company’s utilities in Colorado and Minnesota are still several years away from mandating advanced inverter capabilities and are waiting for California’s energy transition example in order to choose a path forward.

In the meantime, it’s possible that Xcel's front-of-meter volt/VAR optimization investments in Colorado, including grid edge devices from startup Varentec, could solve many of the issues that have been addressed by smart inverter efforts in Hawaii and California, he noted.

The broader landscape for rolling out smart inverters for solar installations hasn’t changed much, with Hawaii and California still out ahead of the pack, while territories such as Puerto Rico microgrid rules evolve to support resilience. Arizona is the next most important state, with a high penetration of distributed solar, a contentious policy climate surrounding its proper treatment in future years, and a big smart inverter pilot from utility Arizona Public Service to inform stakeholders.

All told, eight separate smart inverter pilots are underway across eight states at present, according to GTM Research: Pacific Gas & Electric and San Diego Gas & Electric in California; APS and Salt River Project in Arizona; Hawaiian Electric in Hawaii; Duke Energy in North Carolina; Con Edison in New York; and a three-state pilot funded by the Department of Energy’s SunShot program and led by the Electric Power Research Institute.

Related News

• Electricity Forum News

• Grid Technologies News

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News

Maryland Community Solar Program enables renters and condo residents to subscribe to offsite solar, earn utility bill discounts, and support projects across BGE, Pepco, Delmarva, and Potomac Edison territories, with low to moderate income participation.

Key Points

A pilot allowing residents to subscribe to offsite solar and get bill credits and savings, regardless of home ownership.

✅ 5-10 percent discounts on standard utility rates

✅ Available in BGE, Pepco, Delmarva, Potomac Edison areas

✅ Includes low and moderate income subscriber carve-outs

Maryland has launched a pilot program that will allow anyone to power their home with solar panels — even if they are renters or condo-dwellers, or live in the shade of trees.

Solar developers are looking for hundreds of residents to subscribe to six power projects planned across the state, including recently announced sites in Owings Mills and Westminster. Their offers include discounts on standard electric rates.

The developers need a critical mass of customers who are willing to buy the projects’ electricity before they can move forward with plans to install solar panels on about 80 acres. Under state rules, the customer base must include low- and moderate-income residents, many of whom face energy insecurity challenges.

The idea of the community solar program is to tap into the pool of residential customers who don’t want to get their energy from fossil fuels but currently have no way to switch to a cleaner alternative.

That could significantly expand demand for solar projects, said Gary Skulnik, a longtime Maryland solar entrepreneur.

Skulnik is now CEO of Neighborhood Sun, a company recruiting customers for the six projects.

“You’re signing up for a project that won’t exist unless we get enough subscribers,” Skulnik said. “You’re actually getting a new project built.”

It could also stoke simmering conflicts over what sort of land is appropriate for solar development.

The General Assembly authorized the community solar pilot program in 2015. But not-in-my-backyard opposition and concerns about the loss of agricultural land have slowed progress.

Community solar could force more communities to confront those sorts of clashes — and to consider more carefully where solar farms belong.

“We are going to see a lot more solar development in the state,” said Megan Billingsley, assistant director of the Valleys Planning Council in Baltimore County. “One of the things we haven’t seen is any direction or thoughtful planning on where we want to see solar development.”

The General Assembly authorized about 200 megawatts in community solar projects — enough to power about 40,000 households — over three years.

Customers can sign up for projects built within the territory of their electric utility. About half of that solar energy load has been allotted for the region served by Baltimore Gas and Electric Co.

By subscribing to a community solar project, customers won’t actually be getting their electricity from its photovoltaic panels. But their payments will help finance it and, in some cases, complementary battery storage solutions as well.

The Public Service Commission has approved six projects so far: Two in BGE territory, in Owings Mills and near Westminster; one in Pepco territory, in Prince George’s County; two in Delmarva Power and Light territory, in Caroline and Worcester counties; and one in Potomac Edison territory, in Washington County where planning officials have developed proposed recommendations.

More projects are expected to win approval in the next two years.

But none of them can be built unless they catch on with electricity customers. The developers are looking for 2,600 customers statewide.

Skulnik would not say how many customers an individual project needs to get the green light. But he said that the Prince George’s proposal, a 25-acre array atop a Fort Washington landfill is the closest, with about 100 subscribers so far.

The terms of subscription vary by project, but discounts range from 5 percent to 10 percent off utility rates. Customers are asked to commit to the projects for as long as 25 years. (They can break the contracts with advance notice, or if they move to a different utility service area.)

Maryland joins more than a dozen states in advancing community solar projects, as scientists work to improve solar and wind power technology.

Corey Ramsden is an executive for Solar United Neighbors, a nonprofit that promotes the solar industry in eight states and the District of Columbia.

He said potential customers are often confused by the mechanics of subscribing to community solar, or hesitant to commit for years or even decades. The industry is working to answer questions and get people more comfortable with the idea, he said.

But it has been a challenge across the country, including debates over New England grid upgrades, and in Maryland. Advocates for solar say there is broad support for renewable energy generation. The state has set goals to increase green energy use and reduce greenhouse gas emissions.

Still, many Marylanders don’t welcome the reality when a project attempts to move in.

Rural land is often the most desirable for solar developers, because it requires the least effort to prepare for an array of panels. But community groups in those areas have asked whether land historically used for farming is right for a more industrial use.

“People are very much in favor of going for a lot more renewables, for whatever reason,” said Dru Schmidt-Perkins, the former president of the land conservation group 1,000 Friends of Maryland. “That support comes to a screeching halt when land that is perceived to be valuable for other things, whether a historic view­shed or farming, suddenly becomes a target of a location for this new project.”

Such concerns have at least temporarily stalled the momentum for solar across the state. Anne Arundel County had at least five small community solar projects in the pipeline in December when officials decided to pause development for eight months. Baltimore County officials imposed a four-month moratorium on solar development before passing an ordinance last year to limit the size and number of solar farms.

Billingsley said the Valley Plannings Council, which advocates for historic and rural areas in western Baltimore County, is frustrated that there hasn’t been more discussion about which areas the county should target for solar development — and which it shouldn’t.

She said she fears that pressure to expand solar farms across rural lands is only going to grow as community solar projects launch, and as lawmakers in Annapolis talk about more policies to promote investment in renewable energy.

Schmidt-Perkins called community solar “an amazing program” for those who would install solar panels on their roofs if they could. But she said its launch heightens the importance of discussions about a broader solar strategy.

“Most communities are caught a little flat-footed on this and are somewhat at the mercy of an industry that’s chomping at the bit,” she said. “It’s time for Maryland to say, ‘Okay, let’s come up with our plan so that we know how much solar can we really generate in this state on lands that are not conflict-based.’”

Related News

• Electricity Forum News

• Renewable Energy News

Sault Ste. Marie Smart Grid Investment upgrades PUC Distribution infrastructure with federal funding, clean energy tech, outage reduction, customer insights, and reliability gains, creating 140 jobs and attracting industry to a resilient, efficient grid.

Key Points

A federally funded PUC Distribution project to modernize the citywide grid, cut outages, boost efficiency, and create jobs.

✅ $11.8M federal funding to PUC Distribution

✅ Citywide smart grid cuts outages and energy loss

✅ 140 jobs; attracts clean tech and industry

PUC Distribution Inc. in Sault Ste. Marie is receiving $11.8 million from the federal government to invest in infrastructure, as utilities nationwide have faced pandemic-related losses that underscore the need for resilient systems.

The MP for the riding, Terry Sheehan, made the announcement on Monday.

The money will go to the utility's smart grid project, where technologies like a centralized SCADA system can enhance situational awareness and control.

"This smart grid project offers a glimpse into our clean energy future and represents a new wave of economic activity for the region," Sheehan said.

"Along with job creation, new industries will be attracted to a modern grid, supported by stable electricity pricing that helps competitiveness, all while helping the environment."

His office says the investment will allow the utility to reduce outages, provide more information to customers to help make smarter electricity use choices, aligned with Ontario's energy-efficiency programs that encourage conservation, and offer more services.

"This is an innovative project that makes Sault Ste. Marie a leader," mayor Christian Provenzano said.

"We will be the first city in our country to implement a community-wide smart grid. Once it is complete, the smart grid will make our energy infrastructure more reliable, reduce energy loss and lead to a more innovative economy for our community."

The project will also create 140 new jobs.

"As a community-focused utility, we are always looking for innovative ways to help our customers save money amid concerns about hydro disconnections during winter, and reduce their carbon footprint," Rob Brewster, president and CEO of PUC Distribution said.

"The investment the government has made in our community will not only help modernize our city's electrical distribution system [as] once the project is complete, Sault Ste. Marie will have access to an electricity grid that can handle the growing demands of a city in the 21st century."

Related News

• Electricity Forum News

• Grid Technologies News

Georgia Electricity Imports October 2017 surged as hydropower output fell and thermal power plants underperformed; ESCO balanced demand via low-cost imports, mainly from Azerbaijan, amid rising tariffs, kWh consumption growth, and a widening generation-consumption gap.

Key Points

They mark a record import surge due to costly local generation, lower hydropower, ESCO balancing costs, and rising demand.

✅ Imports rose 832% YoY to 157 mln kWh, mainly from Azerbaijan

✅ TPP output fell despite capacity; only low-tariff plants ran

✅ Balancing price 13.8 tetri/kWh signaled costly domestic PPAs

In October 2017, Georgian power plants generated 828 mln. KWh of electricity, marginally up (+0.79%) compared to September. Following the traditional seasonal pattern and amid European concerns over dispatchable power shortages affecting markets, the share of electricity produced by renewable sources declined to 71% of total generation (87% in September), while thermal power generation’s share increased, accounting for 29% of total generation (compared to 13% in September). When we compare last October’s total generation with the total generation of October 2016, however, we observe an 8.7% decrease in total generation (in October 2016, total generation was 907 mln. kWh). The overall decline in generation with respect to the previous year is due to a simultaneous decline in both thermal power and hydro power generation. 

Consumption of electricity on the local market in the same period was 949 mln. kWh (+7% compared to October 2016, and +3% with respect to September 2017), and reflected global trends such as India's electricity growth in recent years. The gap between consumption and generation increased to 121 mln. kWh (15% of the amount generated in October), up from 100 mln. kWh in September. Even more importantly, the situation was radically different with respect to the prior year, when generation exceeded consumption.

The import figure for October was by far the highest from the last 12 years (since ESCO was established), occurring as Ukraine electricity exports resumed regionally, highlighting wider cross-border dynamics. In October 2017, Georgia imported 157 mln. kWh of electricity (for 5.2 ¢/kWh – 13 tetri/kWh). This constituted an 832% increase compared to October 2016, and is about 50% larger than the second largest import figure (104.2 mln. kWh in October 2014). Most of the October 2017 imports (99.6%) came from Azerbaijan, with the remaining 0.04% coming from Russia.

The main question that comes to mind when observing these statistics is: why did Georgia import so much? One might argue that this is just the result of a bad year for hydropower generation and increased demand. This argument, however, is not fully convincing. While it is true that hydropower generation declined and demand increased, the country’s excess demand could have been easily satisfied by its existing thermal power plants, even as imported coal volumes rose in regional markets. Instead of increasing, however, the electricity coming from thermal power plants declined as well. Therefore, that cannot be the reason, and another must be found. The first that comes to mind is that importing electricity may have been cheaper than buying it from local TPPs, or from other generators selling electricity to ESCO under power purchase agreements (PPAs). We can test the first part of this hypothesis by comparing the average price of imported electricity to the price ceiling on the tariff that TPPs can charge for the electricity they sell. Looking at the trade statistics from Geostat, the average price for imported electricity in October 2017 remained stable with respect to the same month of the previous year, at 5.2 ¢ (13 tetri) per kWh. Only two thermal power plants (Gardabani and Mtkvari) had a price ceiling below 13 tetri per kWh. Observing the electricity balance of Georgia, we see that indeed more than 98% of the electricity generated by TPPs in October 2017 was generated by those two power plants.

What about other potential sources of electricity amid Central Asia's power shortages at the time? To answer this question, we can use the information derived from the weighted average price of balancing electricity. Why balancing electricity? Because it allows us to reconstruct the costs the market operator (ESCO) faced during the month of October to make sure demand and supply were balanced, and it allows us to gain an insight about the price of electricity sold through PPAs.

ESCO reports that the weighted average price of balancing electricity in October 2017 was 13.8 tetri/kWh, (25% higher than in October 2016, when it was below the average weighted cost of imports – 11 vs. 13 – and when the quantity of imported electricity was substantially smaller). Knowing that in October 2017, 61% of balancing electricity came from imports, while 39% came from hydropower and wind power plants selling electricity to ESCO under their PPAs, we can deduce that in this case, internal generation was (on average) also substantially more expensive than imports. Therefore, the high cost of internally generated electricity, rather than the technical impossibility of generating enough electricity to satisfy electricity demand, indeed appears to be one the main reasons why electricity imports spiked in October 2017.

Related News

• Electricity Forum News

• Power Generation News