AI is now in the mainstream zeitgeist, both for its promise—and its perils. The distressing ease of deep fake creation shows AI’s risks. On the other hand, AI is rapidly becoming an essential part of the energy ecosystem. AI-powered energy applications such as virtual power plants (VPPs) play a key role in balancing the renewable energy-driven grids of today and the future. VPPs orchestrate energy resources from distributed energy resources (DERs), like rooftop solar panels, home batteries and electric vehicles, relying on trusted data from all of them.
However, as VPPs begin to roll out and interact with homeowner’s DERs, the energy industry needs to carefully consider consumer reactions. With fears about AI firmly entrenched, it’s natural to be concerned about what could happen to your home as the result of an “AI hallucination!”
A cautionary tale comes from the first smart meter rollouts of the 2000s. Smart meters, which send detailed energy usage data to the utility, faced a backlash due to concerns about data privacy and radiation from their wireless transmitters. Privacy concerns are not far-fetched; with the right data there are ways to determine the power usage of devices (for an example see this paper). Smart meter privacy concerns reached the point where in 2009, the Dutch government halted a mandatory smart meter rollout due to public pressure.
The smart meter rollout shows that unless consumers’ data protection and privacy concerns are addressed upfront, they can impede the progress and success of energy-related data applications. Fast forward to 2024 and as VPPs become more widespread, like any other application that handles sensitive data, robust privacy protections need to be built-in from the ground up.
Yet, that might not be enough to address consumer concerns. One thing that has changed since the introduction of smart meters is that hacking has become even more prevalent and increasingly sophisticated cybercriminals are constantly trying to steal data, personal or otherwise. For a VPP to operate properly, its AI systems need to fed data about consumers’ DER devices and their energy usage patterns. In this way VPPs can orchestrate device usage with minimal impact to consumers’ lifestyles.
This data is naturally a target for hackers but there is also another concern that goes beyond threats to consumer data. Malicious hackers may also try to disrupt VPP operations which could potentially damage the grid itself and along with it, disrupt the flow of energy. One way to do this is to inject fake data into VPPs that could cause them to malfunction. Any such attack could also undermine consumer confidence in the system and invite a backlash.
Given the potential threats, VPP operators need to build in appropriate measures to increase DER data security. However, that might be easier said than done. DERs by their nature are outside of the VPP operator’s control and rely on home networks with a variety of different devices, network types and security policies.
Even if the data is well protected within the home (a big if), DER data typically has to travel through a number of networks and devices before it reaches the VPP AI system. The sheer complexity of the data ecosystem surrounding connected devices presents a cybercriminal with any number of opportunities to try to steal data, representing not only a data privacy threat, but also one to the operations of the AI system itself.
Intertrust’s XPN (Explicit Private Networking) solution can help. VPNs and other network based security measures currently in use typically only work in one segment of a network. XPN works with these measures to add an additional layer of protection to connected device data that protects data throughout its journey.
Already being implemented in VPPs, XPN ensures that the device is secure when it sends the data. It then signs the data and makes sure it’s encrypted when it leaves the device. When the data is received at the server, the signature is checked to ensure that it hasn’t been changed in transit, then decrypted and then sent only to a secure data repository. Just as important, the same protections are given to any commands sent from the cloud to the device.
For an energy company implementing a VPP, or any other energy application that relies on connected device data, adopting XPN can ensure that both the company and its customers’ data remains well protected.
