Digital Transformation: Cybersecurity and Resilience for Critical Infrastructure Protection Through Modern Application Architecture and Cloud Technology

MISO manages one of the world’s largest energy and operating reserve markets with $22 billion (US Dollars) annual gross market charges (2020) and a scope of operation with 65,800 miles of transmission.

With the fast changing energy landscape, MISO is challenged to bridge the gap between the current market approach for centralized unit commitment and dispatch to one focused on more distributed and demand-based sources of instantaneous and somewhat autonomous resource adequacy and congestion management. With that shift in its sight’s, MISO has undertaken an ambitions technology renewal program to not only modernize and further secure key systems, but to the test some of the leading technological approaches to managing data and systems to explore if they can support MISO’s mission.

Cloud Computing: Proof of Concept

MISO recognized the need to improve the performance, security, and agility of our market system to meet future business conditions. The evolution of the bulk electricity industry toward intermittent power generation, such as renewables, demands higher performance and capacity through newer technology to manage energy markets. In addition, the cybersecurity threat landscape has dramatically changed; increased threats of ransomware and cyberattacks demand software solutions that are more resilient.

MISO initially explored the many flavors and options associated with the concept of cloud computing. One initial choice is “public” versus “private” (or “on-premise”) cloud. The public option such as Amazon Web Services or Microsoft Azure has considerable appeal, including agility and elasticity to respond to changing business requirements, on-demand pricing, and a tremendous investment in innovation (Warrilow, 2018). In emergency circumstances, applications and workloads can be migrated to other geographic regions, which offers incredible capability for resiliency.

Unfortunately, one significant challenge for public cloud implementation is compliance standards. The efficiency of public cloud computing usually involves shared services across multiple clients; this approach creates supply chain risk considerations and the responsibility of the entity (MISO) to maintain security and ensure compliance (North American Electric Reliability Corporation (NERC), 2019). 

As MISO considered these many complex choices, we initially decided to focus on a private cloud for non-critical applications that would not require strict adherence to compliance standards. Instead, we could focus on building the capability for meaningful but low-risk applications that did not have an operational impact on the bulk electric system. This approach would allow MISO to build the automated capability to deploy to a cloud-inspired environment. The private cloud approach for non-critical applications allowed us to demonstrate that a third party could provide infrastructure as a managed service. That provides a possible blueprint for managing supply chain risks. 

We discovered that one of the important capabilities involved “containers.” The use of containers delivers the capability of automating the packaging and deployment of software. All of the components and dependencies are bundled together. This container capability creates the ability to deploy into modern infrastructure such as cloud solutions. 

These cloud deployment methodologies provide an effective solution to counter cybersecurity incidents and business continuity scenarios. The benefit to resiliency is that the automation of packaging and deployment creates velocity; containers can be redeployed or sent to compatible hardware at a different location much more rapidly and consistently. 

MISO worked with new and existing application vendors to migrate to next-generation solutions that leveraged the container architecture. The result was more rapid iterative development. In the past, we might struggle to deploy and test a new version of the legacy software over a week or two. With the next-generation container architecture, MISO and application vendors can receive multiple updates for evaluation and testing in a single day which lowers the risk of each individual deployment. By reducing deployment risk, MISO improves resiliency. 

Architecture

MISO is also moving toward an “Event-driven” architecture where components of a system are configured to receive notifications of changing or recognized conditions, further modernizing and preparing MISO for more rapid technology changes in the future. The resilient architecture delivers the messages reliably – and can even play them back later. It’s similar to the notification feature on a smartphone. You can subscribe and configure the phone to alert you to events that you care about. This same design can improve the market system and help control room operators who today have to recognize and process the information on monitors and audible alerts. The legacy software approaches represent substantial overhead and potential delays of constantly checking for new data or changing conditions. The new design delivers efficiency and performance to manage the state of the market system.

Adapting to a New Operating Paradigm

These technology and software architecture upgrades are part of MISO’s business and digital transformation strategy. This strategy helps MISO to address some of the greatest challenges facing the industry in general (and grid operators such as MISO in particular) – the evolving inversion of the operating paradigm. The grid is moving away from scheduled central station power plants to a more intermittent weather-driven and smaller scale distributed fleet of supply resources. This shift is requiring operators like MISO to rethink the means of unit commitment and dispatch that has worked for decades, but begins to break down as the model inverts. One of the key areas of focus to keep up with these changes are both our concept of operations that sees us schedule most supply and forecast most demand to one where most supply is forecast, and much more demand is scheduled.

This kind of shift requires technology that can securely handle communications from a far more diverse and smaller scale set of supply and demand resources. It will also require a shift from purely command and control operating approach to one that leverages more distributed logic for some degree of stochastic based self-management. MISO has begun investigating the technology required to enable this fundamentally different operating paradigm and is looking, among other places, toward how the internet operates in a highly distributed way as a model to learn from.

Grid operators like MISO are challenged to bridge the gap between the current market approach for centralized unit commitment and dispatch to one focused on more distributed and demand-based sources of instantaneous and somewhat autonomous resource adequacy and congestion management. The promise of cloud technologies is their speed of information synthesis to deliver broadly available situational awareness to meet this changing paradigm head on.

References

• North American Electric Reliability Corporation (NERC). (2019, Dec 10). Security Guideline for the Electricity Sector - Supply Chain. Retrieved from Reliability and Security Guideline & Technical Reference Documents: https://www.nerc.com/comm/RSTC_Reliability_Guidelines/Security_Guideline-Cloud_Computing.pdf
• Warrilow, M. (2018, Aug 30). Rethink Your Internal Private Cloud. Retrieved from Gartner, Inc.: https://www.gartner.com/document/3888587?ref=solrAll&refval=297369120

---

Thumbnail credit: Photo by Joshua Sortino on Unsplash