
Securely unlock the future of energy flexibility with XPN


By Phil Keys



In the past four blogs of this series, we’ve discussed several topics central to the growth of AI-driven energy flexibility solutions. They included maintaining trust in distributed energy flexibility ecosystems, potential cybersecurity risks, regulations, and the need for standards and interoperability. This final segment will provide some details on how Intertrust’s XPN™ secure communications service and the Trusted Energy Interoperability Association (TEIA) standard can address the challenges raised in the previous blogs.

Securing trust in data and devices

For a flexible energy solution to operate properly and support the grid, the AI system that manages and optimizes the distributed energy resources needs to trust the data received from the devices it orchestrates. The XPN communication protocol provides this trust by going beyond the security technologies commonly used by other IP communication protocols, such as TLS and VPN. It provides an enhanced security solution that protects both the devices operating in the energy flexibility solution and the ecosystem of data and commands that surrounds them.

XPN technology also enables interoperability between the disparate devices typically enrolled in utility-run virtual power plants (VPPs). As more and more types of distributed energy resources (DERs) are enrolled in VPPs, especially consumer-side DERs, interoperability issues can greatly complicate the rollout and operation of these energy resources. XPN’s interoperable device authentication feature (more below) can promote DER interoperability and help simplify DER operations.

An important advantage of XPN is that it is compatible with the specifications that form the TEIA open standard. Co-founded by E.ON, GS Energy, JERA, Origin Energy and Intertrust, the TEIA standard describes a trust model for the device, data and software components that form digital energy applications. A core principle behind TEIA is ensuring that the security needed for applications is implemented interoperably, avoiding vendor lock-in and the complications that come with proprietary solutions. TEIA, and of course XPN, are also designed based on zero trust architecture principles so that XPN-enabled devices and services operate securely in untrusted environments.

Key benefits of XPN

Interoperable data and device authentication. DERs orchestrated by a VPP and their data need to be properly authenticated to ensure that only trusted devices and data are allowed on the network. 

XPN works with Intertrust PKI (iPKI) to provide digital certificates that work across all DERs. Devices are often authenticated by their manufacturer in a way that is not interoperable with other manufacturers, so the iPKI interoperable authentication overlay avoids security issues related to certificate management and device authentication. It also helps avoid vendor lock-in and ensures the VPP operator can operate the device without interference from the device manufacturer.

XPN further extends the benefits of interoperable authentication by authenticating data transmitted from the device as well as commands sent to it from the cloud. This is important not only for cybersecurity; it also gives the VPP operator control of the data, to consume and share with partners as the operator wishes.

End-to-end data trust. DERs by their nature exist in a sea of networks and connected devices, all of which adhere to a number of different protocols and cybersecurity implementations that can range from very secure to no security at all. The data that the DERs send to the VPP AI system also has to travel across any number of network links and devices, and these links can rely on network-based security that might only cover one link or be misconfigured.

The old maxim “you are only as secure as your weakest link” certainly applies here. XPN works at the application layer and adds security beyond the network-based security often used in distributed energy environments. Essentially, XPN acts as a secure tunnel that seamlessly travels across all the IP-based network protocols as well as many non-IP-based protocols such as Modbus.

The XPN client securely signs and optionally encrypts data packages sent from the device. This protection persists throughout the data journey to the XPN Service where it is verified and securely sent to its proper destination. This persistent protection is especially important since it strengthens the protection of the data should it travel through devices or networks with security vulnerabilities. Crucially, XPN also leverages a thorough authorization framework to protect commands sent from the XPN Service to the DER. This helps to prevent malicious tampering with commands that could cause a DER to misbehave. 

XPN’s main features

As we’ve discussed in this series of blogs, AI-based energy flexibility applications such as VPPs face difficulties in maintaining trust throughout their systems with challenges in both cybersecurity and regulatory compliance. They also struggle with interoperability issues that can complicate their operations. XPN brings many benefits to help with these issues. 

  • Improved security and interoperability. Since XPN is not dependent on any network-based security, it maintains its security regardless of whether the network security is insufficient or misconfigured. It is also interoperable across these networks, so it can be easily added to an existing installation.
  • Security for both IT and OT. Utilities generally run IT and OT (operational technology) in separate silos, yet VPPs traverse these by communicating with both types of systems. By operating at the application level, XPN’s security protections extend to communications with both types of systems. This capability has been demonstrated by partners who have used XPN to secure communications between OT devices and the IT infrastructure in the cloud.
  • Widespread coverage of DER types. XPN works interoperably across multiple types of DERs and other IoT devices. This gives VPP operators the ability to provide persistent end-to-end security across a wide range of assets from smart thermostats to smart inverters. As an example, EIPGRID, a VPP provider and XPN partner, is using XPN to achieve this goal. 
  • Open standard compliant. As an open standard organization, TEIA is committed to working with the TEIA community to advance the specifications behind the standard. Since XPN is compatible with the TEIA standard, it will continue to evolve along with the standard.

Through XPN and TEIA, utilities can strengthen trust in their VPP and other energy flexibility applications that enhance their existing security solutions. The flexibility and interoperability facets of XPN technology also allow for better operational efficiency, increased security and expanded reach. With these capabilities in place, utilities and energy retailers can leverage trusted flexibility solutions to pursue innovative applications and business models, knowing they are more secure and better positioned to meet regulatory requirements.

More information on XPN can be found here and TEIA here.

 



About Phil Keys

Phil Keys is a Director, Comms & Research for Intertrust Technologies. He is a veteran technology industry observer, marketer, connector, and writer based in Silicon Valley. In addition to 13 years of experience as a Silicon Valley Correspondent for Nikkei Business Publications, Phil has worked for technology companies in both the US and Japan. Phil has spoken publicly in events in Tokyo and Silicon Valley as well as moderated panels in Silicon Valley. He holds a B.A. from the University of California at Berkeley and attended International Christian University in Tokyo.