UK Energy Industry Divided Over Free Electricity Debate

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News

Smart solar inverters anchor DER communications and control, meeting IEEE 1547 and California Rule 21 for volt/VAR, reactive power, and ride-through, expanding hosting capacity and enabling grid services via secure real-time telemetry and commands.

Key Points

Smart solar inverters use IEEE 1547, volt/VAR and reactive power to stabilize circuits and integrate DER safely.

✅ Meet IEEE 1547, Rule 21 ride-through and volt/VAR functions

✅ Support reactive power to manage voltage and hosting capacity

✅ Enable utility communications, telemetry, and grid services

Advanced solar inverters could be one of the biggest distributed energy resource communications and control points out there someday. With California now requiring at least early-stage “smart” capabilities from all new solar projects — and a standards road map for next-stage efforts like real-time communications and active controls — this future now has a template.

There are still a lot of unanswered questions about how smart inverters will be used.

That was the consensus at Intersolar this week, where experts discussed the latest developments on the U.S. smart solar inverter front. After years of pilot projects, multi-stakeholder technical working groups, and slow and steady standards development, solar smart inverters are finally starting to hit the market en masse — even if it’s not yet clear just what will be done with them once they’re installed.

“From the technical perspective, the standards are firm,” Roger Salas, distribution engineering manager for Southern California Edison, said. In September of last year, his utility started requiring that all new solar installations come with “Phase 1" advanced inverter functionality, as defined under the state’s Rule 21.

Later this month, it’s going to start requiring “reactive power priority” for these inverters, and in February 2019, it’s going to start requiring that inverters support the communications capabilities described in “Phase 2,” as well as some more advanced “Phase 3” capabilities.

Increasing hosting capacity: A win-win for solar and utilities

Each of these phases aligns with a different value proposition for smart inverters. The first phase is largely preventative, aimed at solving the kinds of problems that have forced costly upgrades to how inverters operate in solar-heavy Germany and Hawaii.

The key standard in question in the U.S. is IEEE 1547, which sets the rules for what grid-connected DERs must do to stay safe, such as trip offline when the grid goes down, or avoid overloading local transformers or circuits.

The old version of the standard, however, had a lot of restrictive rules on tripping off during relatively common voltage excursions, which could cause real problems on circuits with a lot of solar dropping off all at once.

Phase 1 implementation of IEEE 1547 is all about removing these barriers, Salas said. “They need to be stable, they need to be connected, they need to be able to support the grid.”

This should increase hosting capacity on circuits that would have otherwise been constrained by these unwelcome behaviors, he said.

Reactive power: Where utility and solar imperatives collide

The old versions of IEEE 1547 also didn’t provide rules for how inverters could use one of their more flexible capabilities: the ability to inject or absorb reactive power to mitigate voltage fluctuations, including those that may be caused by the PV itself. The new version opens up this capability, which could allow for an active application of reactive power to further increase hosting capacity, as well as solve other grid edge challenges for utilities.

But where utilities see opportunity, the solar industry sees a threat. Every unit of reactive power comes at the cost of a reduction in the real power output of solar inverters — and almost every solar installation out there is paid based on the real power it produces.

“If you’re tasked to do things that rob your energy sales, that will reduce compensation,” noted Ric O'Connell, executive director of the Oakland, Calif.-based GridLab. “And a lot of systems have third-party owners — the Sunruns, the Teslas — with growing Powerwall fleets — that have contracts, performance guarantees, and they want to get those financed. It’s harder to do that if there’s uncertainty in the future with curtailment."

“That’s the bottleneck right now,” said Daniel Munoz-Alvarez, a GTM Research grid edge analyst. “As we develop markets on the retail end for ...volt/VAR control to be compensated on the grid edge and that is compensated back to the customer, then the customer will be more willing to allow the utility to control their smart inverters or to allow some automation.”

But first, he said, “We need some agreed-upon functions.”

The future: Communications, controls and DER integration

The next stage of smart inverter functionality is establishing communications with the utility. After that, utilities will be able use them to monitor key DER data, or issue disconnect and reconnect commands in emergencies, as well as actively orchestrate other utility devices and systems through emerging virtual power plant strategies across their service areas.

This last area is where Salas sees the greatest opportunity to putting mass-market smart solar inverters to use. “If you want to maximize the DERs and what they can do, the need information from the grid. And DERs provide operational and capability information to the utility.”

Inverter makers have already been forced by California to enable the latest IEEE 1547 capabilities into their existing controls systems — but they are clearly embracing the role that their devices can play on the grid as well. Microinverter maker Enphase leveraged its work in Hawaii into a grid services business, seeking to provide data to utilities where they already had a significant number of installations. While Enphase has since scaled back dramatically, its main rival SolarEdge has taken up the same challenge, launching its own grid services arm earlier this summer.

Inverters have been technically capable of doing most of these things for a long time. But utilities and regulators have been waiting for the completion of IEEE 1547 to move forward decisively. Patrick Dalton, senior engineer for Xcel Energy, said his company’s utilities in Colorado and Minnesota are still several years away from mandating advanced inverter capabilities and are waiting for California’s energy transition example in order to choose a path forward.

In the meantime, it’s possible that Xcel's front-of-meter volt/VAR optimization investments in Colorado, including grid edge devices from startup Varentec, could solve many of the issues that have been addressed by smart inverter efforts in Hawaii and California, he noted.

The broader landscape for rolling out smart inverters for solar installations hasn’t changed much, with Hawaii and California still out ahead of the pack, while territories such as Puerto Rico microgrid rules evolve to support resilience. Arizona is the next most important state, with a high penetration of distributed solar, a contentious policy climate surrounding its proper treatment in future years, and a big smart inverter pilot from utility Arizona Public Service to inform stakeholders.

All told, eight separate smart inverter pilots are underway across eight states at present, according to GTM Research: Pacific Gas & Electric and San Diego Gas & Electric in California; APS and Salt River Project in Arizona; Hawaiian Electric in Hawaii; Duke Energy in North Carolina; Con Edison in New York; and a three-state pilot funded by the Department of Energy’s SunShot program and led by the Electric Power Research Institute.

Related News

• Electricity Forum News

• Grid Technologies News

Crouching Yeti APT targets energy infrastructure with watering-hole attacks, compromising servers to steal credentials and stage intrusions; Kaspersky Lab links the Energetic Bear group to ICS threats across Russia, US, Europe, and Turkey.

Key Points

Crouching Yeti APT, aka Energetic Bear, is a threat group that targets energy firms using watering-hole attacks.

✅ Targets energy infrastructure via watering-hole compromises

✅ Uses open-source tools and backdoored sshd for persistence

✅ Scans global servers to stage intrusions and steal credentials

A hacker collective known for attacking industrial companies around the world have had some of their infrastructure identified by Russian security specialists.

Kaspersky Lab said that it has discovered a number of servers compromised by the group, belonging to different organisations based in Russia, the US, and Turkey, as well as European countries.

The Russian-speaking hackers, known as Crouching Yeti or Energetic Bear, mostly focus on energy facilities, as seen in reports of infiltration of the U.S. power grid targeting critical infrastructure, for the main purpose of stealing valuable data from victim systems.

Hacked servers

Crouching Yeti is described as an advanced persistent threat (APT) group that Kaspersky Lab has been tracking since 2010.

#google#

Kaspersky Lab said that the servers it has compromised are not just limited to industrial companies. The servers were hit in 2016 and 2017 with different intentions. Some were compromised to gain access to other resources or to be used as intermediaries to conduct attacks on other resources.

Others, including those hosting Russian websites, were used as watering holes.

It is a common tactic for Crouching Yeti to utilise watering hole attacks where the attackers inject websites with a link redirecting visitors to a malicious server.

“In the process of analysing infected servers, researchers identified numerous websites and servers used by organisations in Russia, US, Europe, Asia and Latin America that the attackers had scanned with various tools, possibly to find a server that could be used to establish a foothold for hosting the attackers’ tools and to subsequently develop an attack,” said the security specialists in a blog posting.

“The range of websites and servers that captured the attention of the intruders is extensive,” the firm said. “Kaspersky Lab researchers found that the attackers had scanned numerous websites of different types, including online stores and services, public organisations, NGOs, manufacturing, etc.

Kaspersky Lab said that the hackers used publicly available malicious tools, designed for analysing servers, and for seeking out and collecting information. The researchers also found a modified sshd file with a preinstalled backdoor. This was used to replace the original file and could be authorised with a ‘master password’.

“Crouching Yeti is a notorious Russian-speaking group that has been active for many years and is still successfully targeting industrial organisations through watering hole attacks, among other techniques,” explained Vladimir Dashchenko, head of vulnerability research group at Kaspersky Lab ICS CERT.

Russian government?

“Our findings show that the group compromised servers not only for establishing watering holes, but also for further scanning, and they actively used open-sourced tools that made it much harder to identify them afterwards,” he said.

“The group’s activities, such as initial data collection, the theft of authentication data, and the scanning of resources, are used to launch further attacks,” said Dashchenko. “The diversity of infected servers and scanned resources suggests the group may operate in the interests of the third parties.”

This may well tie into a similar conclusion from a rival security vendor.

In 2014 CrowdStrike claimed that the ‘Energetic Bear’ group was also tracked in Symantec's Dragonfly research and had been hacking foreign companies on behalf of the Russian state.

The security vendor had said the group had been carrying out attacks on foreign companies since 2012, with reports of breaches at U.S. power plants that underscored the campaign, and there was evidence that these operations were sanctioned by the Russian government.

Last month the United States for the first time publicly accused Russia in a condemnation of Russian grid hacking of attacks against the American power grid.

Symantec meanwhile warned last year of a resurgence in cyber attacks on European and US energy companies, including reports of access to U.S. utility control rooms that could result in widespread power outages.

And last July the UK’s National Cyber Security Centre (NCSC) acknowledged it was investigating a broad wave of attacks on companies in the British energy and manufacturing sectors.

Related News

• Electricity Forum News

• Grid Technologies News

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure, as outlined in six essential reads on Russian hacks from recent coverage, came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do.” said PJM Chief Information Officer, Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.

#google#

Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly-known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also done large, security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including rising substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station– that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would very difficult for hackers to knock out power to the entire east coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.

Related News

• Electricity Forum News

• Grid Technologies News

U.S. Electricity Demand Decoupling signals GDP growth without higher load, driven by energy efficiency, LED adoption, services-led output, and rising renewables integration with the grid, plus EV charging and battery storage supporting decarbonization.

Key Points

GDP grows as electricity use stays flat, driven by efficiency, renewables, and a shift toward services and output.

✅ LEDs and codes cut residential and commercial load intensity.

✅ Wind, solar, and gas gain share as coal and nuclear struggle.

✅ EVs and storage can grow load and enable grid decarbonization.

By Justin Fox

Economic growth picked up a little in the U.S. in 2017. But electricity use fell, with electricity sales projections continuing to decline, according to data released recently by the Energy Information Administration. It's now been basically flat for more than a decade:

Measured on a per-capita basis, electricity use is in clear decline, and is already back to the levels of the mid-1990s.

Sources: U.S. Energy Information Administration, U.S. Bureau of Economic Analysis

*Includes small-scale solar generation from 2014 onward

I constructed these charts to go all the way back to 1949 in part because I can (that's how far back the EIA data series goes) but also because it makes clear what a momentous change this is. Electricity use rose and rose and rose and then ... it didn't anymore.

Slower economic growth since 2007 has been part of the reason, but the 2017 numbers make clear that higher gross domestic product no longer necessarily requires more electricity, although the Iron Law of Climate is often cited to suggest rising energy use with economic growth. I wrote a column last year about this big shift, and there's not a whole lot new to say about what's causing it: mainly increased energy efficiency (driven to a remarkable extent by the rise of LED light bulbs), and the continuing migration of economic activity away from making tangible things and toward providing services and virtual products such as games and binge-watchable TV series (that are themselves consumed on ever-more-energy-efficient electronic devices).

What's worth going over, though, is what this means for those in the business of generating electricity. The Donald Trump administration has made saving coal-fired electric plants a big priority; the struggles of nuclear power plants have sparked concern from multiple quarters. Meanwhile, U.S. natural gas production has grown by more than 40 percent since 2007, thanks to hydraulic fracturing and other new drilling techniques, while wind and solar generation keep making big gains in cost and market share. And this is all happening within the context of a no-growth electricity market.

In China, a mystery in China's electricity data has complicated global comparisons.

Here are the five main sources of electric power in the U.S.:

The big story over the past decade has been coal and natural gas trading places as the top fuel for electricity generation. Over the past year and a half coal regained some of that lost ground as natural gas prices rose from the lows of early 2016. But with overall electricity use flat and production from wind and solar on the rise, that hasn't translated into big increases in coal generation overall.

Oh, and about solar. It's only a major factor in a few states (California especially), so it doesn't make the top five. But it's definitely on the rise.

What happens next? For power generators, the best bet for breaking out of the current no-growth pattern is to electrify more of the U.S. economy, especially transportation. A big part of the attraction of electric cars and trucks for policy-makers and others is their potential to be emissions-free. But they're only really emissions-free if the electricity used to charge them is generated in an emissions-free manner -- creating a pretty strong business case for continuing "decarbonization" of the electric industry. It's conceivable that electric car batteries could even assist in that decarbonization by storing the intermittent power generated by wind and solar and delivering it back onto the grid when needed.

I don't know exactly how all this will play out. Nobody does. But the business of generating electricity isn't going back to its pre-2008 normal. 

Related News

• Electricity Forum News

• Power Generation News

UK Electricity Price Surge driven by wholesale gas costs, low wind output, and higher gas-fired generation, as National Grid boosts base load power to meet demand, lifting weekend prices toward decade highs.

Key Points

A sharp rise in UK power prices tied to gas spikes, waning wind, and higher reliance on gas-fired generation.

✅ Wholesale gas prices squeeze power, doubling weekend baseload.

✅ Wind generation falls to 3GW, forcing more gas-fired plants.

✅ Tariff hikes signal bill pressure and supplier strain.

The UK’s electricity market has followed the lead of surging wholesale gas prices this week to reach weekend highs, with UK peak power prices not seen in a decade across the market.

The power market has avoided the severe volatility which ripped through the gas market this week because strong winds helped to supply ample electricity to meet demand, reflecting recent record wind generation across the UK.

But as freezing winds begin to wane this weekend National Grid will need to use more gas-fired power plants to fill the gap, meaning the cost of generating electricity will surge.

Jamie Stewart, an energy expert at ICIS, said the price for base load power this weekend has already soared to around £80 per megawatt hour, almost double what one would expect to see for a weekend in March.

National Grid will increase its use of expensive gas-fired power by an extra 7GW to make up for low wind power, which is forecast to drop by two-thirds in the days ahead.

Wind speeds helped to protect the electricity system from huge price hikes on the neighbouring gas market on Thursday, by generating as much as 13GW by some estimates.

However, by the end of Friday this output will fall by almost half to 7GW and slump to lows of 3GW by Saturday, Mr Stewart said.

The power price was already higher than usual at £53/MWh last weekend even before the full force of the storms, including Storm Malik wind generation, hit Britain. That was still well above the more typical "mid-40s” price for this time of year, Mr Stewart added.

The twin price spikes across the UK’s energy markets has raised fears of household bill hikes in the months ahead, even as an emergency energy plan is not going ahead.

Late on Thursday Big Six supplier E.on quietly pushed through a dual-fuel tariff increase of 2.6%, to drive the average bill up to £1,153 from 19 April.

Energy supply minnow Bulb also increased prices by £24 a year for its 300,000 customers, blaming rising wholesale costs.

The UK has suffered two gas price shocks this winter, which is the first since the owner of British Gas shuttered the country’s largest gas storage facility at Rough off the Yorkshire coast.

A string of gas supply outages this week cut supplies to the UK just as freezing conditions drove demand for gas-heating a third higher than normal for this time of year.

It was the first time in almost ten years that National Grid was forced to issue a short supply warning to the market that supplies would fall short of demand unless factories agree to use less.

The twelve-year market price highs followed a pre-Christmas spike when the UK’s most important North Sea pipeline shut down at the same time as a deadly explosion at Europe’s most important gas hub, based in the Austrian town of Baumgarten.

Related News

• Electricity Forum News

• Power Generation News