Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS)

Letzte Aktualisierung am 08. Januar 2019.

Das amerikanische Verteidigungsministerium (DoD) hat 2011 das Forschungsprojekt Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS)  in Auftrag gegeben. Damit sollte erforscht werden, wie die Abhängigkeit von fossilen Treibstoffen / Logistikketten vor allem in Einsatzräumen reduziert werden kann. Zum anderen sollte die militärische Handlungsfähigkeit im Falle eines erfolgreichen (Cyber-)Angriffes auf die amerikanische Stromversorgung erhöht werden!

For these reasons, the US military has become one of the key drivers of microgrid growth, as government funding advances mobile power and hybrid microgrid solutions.  The investment has already made microgrids more secure and reliable.

Der dabei eingeschlagene Weg entspricht durchaus unserem Energiezellensystemansatz, wenn auch mit einem lokalen Fokus. Nichtsdestotrotz gibt es im Final Report einige interessante Erkenntnisse, die hier zitiert werden:

The 2011 Implementation Directive (ID) for the Smart Power Infrastructure Demonstration for Energy Reliability and Security (SPIDERS) Joint Capability Technology Demonstration (JCTD) established an objective to “demonstrate a secure microgrid architecture with the ability to maintain operational surety through secure, reliable, and resilient electric power generation and distribution. The results of the JCTD will help inform infrastructure investment decisions at DOD [Department of Defense] facilities needed to reduce the unacceptably high risk of extended electric grid outages.” The SPIDERS JCTD demonstrated the practicality and benefits of creating microgrids within existing military infrastructure. There are key features of microgrids that provide benefits related to energy reliability, security, cost, and environmental impacts, all of which are objectives of the DOD.

“Military installations are almost completely dependent on a fragile and vulnerable commercial power grid, placing critical military and Homeland defense missions at unacceptable risk of extended outage.”

However, various factors have prompted the need to reassess this assumption:

• Increased optimization and integration of utility grid operations during normal operation creates interdependency among grid operators and the potential for larger scale outages resulting from a domino effect.
• A steadily increasing percentage of less-consistent power sources (such as private renewable sources) are being integrated into grid systems.
• Internet-based control and data acquisition are increasingly integrated into a growing number of infrastructures, which also opens up the exponential growth in the number and sophistication of cyber threats to industrial control systems. [siehe etwa auch Hackerangriffe auf Energieversorger]
• Decades of deregulation have reduced investment in infrastructure.

These factors leave the nation’s power grid (and indirectly the military’s) increasingly vulnerable to sabotage or natural disasters, potentially resulting in widespread failures. [Auch wenn in Europa die Situation etwas besser sein/erscheinen mag, sollte dies dennoch zum Nachdenken anregen! Etwa auch hinsichtlich der absehbaren Entwicklungen durch Aging Infrastructures]

DOE Definition of Microgrids: A microgrid is a group of interconnected loads and distributed energy resources within clearly defined electrical boundaries that act as a single controllable entity with respect to the grid. A microgrid can connect and disconnect from the grid to enable it to operate in both grid-connected or island-mode. (DOE Microgrid Exchange Group, 2010)

Typically, a microgrid design would begin with a base-wide energy assessment and energy conservation program.

For each of the top  Design Basis Threats (those having a high impact, as shown in Table 3-2), the concept design team in conjunction with the base engineer and local utility engineer examined “Risk Vectors.” It became apparent that the camp had insufficient generating capacity and insufficient fuel storage to withstand an extended outage. Highest level risk vectors were identified as follows: (…) Standby generators are generally designed for short operation periods; continuous operation is not intended and can result in generator failure. (…) Existing generators have fuel capacity for only a few hours and the camp does not have a large-capacity fuel storage system.

1. Existing generators were standby generators and had run-time design limitations. In some cases, the generators were very old and unreliable. Continuous operation for 5 days or more could not be assured.

2. Fuel was minimal. Consequently, a new onsite fuel storage facility would be needed.

As a general approach, because the SPIDERS JCTD is used to investigate the implementation of microgrids at existing facilities, an implicit requirement is that the system needs to be as unobtrusive as possible within the existing infrastructure. This is necessary to avoid cost and disruption. The requirement has been extended by the project team to include the ability to completely revert back to non-SPIDERS operation by turning off SPIDERS mode on the graphical user interface (GUI) of the microgrid control system. Turning off SPIDERS mode on the GUI prevents the supervisory controllers from making decisions or implementing control actions. Thus, the installation of a SPIDERS system does not degrade the existing system in any way. With this “Do No Harm” philosophy, the SPIDERS system is designed to “lay over the top” of the existing system instead of being a wholesale replacement of it. In addition to facilitating the transition to a SPIDERStype system, this also allows the continued use of a traditional transfer switch-based isolation system to be the default mode for compliance with life-safety codes should the SPIDERS control system fail for any reason.

The technology was applied at Camp JCTD by dividing the microgrid system into groups of actors and segregating these groups into “enclaves.”

Enclaves are generally shielded from any outside communication; communication with other enclaves is only through a highly secure device. In the Camp JCTD case, the device was an IPERC controller specifically designed for secure control of microgrids. Communication between enclaves and with the outside world (if allowed) is “denied by default.” That is, unless a specific communication is allowed (“whitelisted”), it is denied.

Generally, enclaves are created from actors that have a logical need to work together or are in physical proximity. Enclaves generally work autonomously; it is a design objective to minimize the need for communication between enclaves. Whitelisting communication becomes relatively easy because the need to communicate is limited.

Limiting communication outside of an enclave reduces the need for communication bandwidth. The SPIDERS team’s analysis found that limiting communication bandwidth within the network is an effective strategy for reducing vulnerability to denial-of-service cyber-attack.

At Camp JCTD the IPERC master controllers are each capable of full system control and all communicate with each other. This allows a failed unit to be replaced by any of its equals. The inter-enclave communication is highly flexible (although whitelisted and possibly bandwidth restricted).

The SCADA systems that have been used over the last several decades were not developed to handle the potential cyber-attack threats of the current era.

The SPIDERS JCTD microgrid successfully met the stated objectives of increasing system efficiency and reliability while maintaining adequate power quality.