Okay, always good to check. All right, yeah, thank you very much for the introduction and good afternoon, everyone. Thanks for joining me for today's seminar. I really appreciate the opportunity to talk with you about cybersecurity. It's an area that's been a passion and focus of mine for the last 15 years. And frankly, cybersecurity is one of the top priorities right now for the electric sector. So the objective of this seminar is to give you, I hope, a better understanding of the cybersecurity risk that the grid is facing. What are some of the approaches that we're taking to address those risks, as well as what are some of the new areas of research in this space and where do we see that going in the future? But first of all, a key takeaway. So we're gonna cover a lot of material today, but if you remember nothing else from this webinar, I hope that you'll take away the fact that cybersecurity is really a core component to supporting the reliability and resiliency of the grid. And it's really, I think, an enabler for deploying a lot of the new technologies that are part of the integrated grid. And I think from my perspective and the perspective of a lot of people in the industry, if you can't deploy strong and effective cybersecurity, then you really can't build out and deploy a smarter grid. So it really is a core component of helping us achieve a lot of the new technology visions and objectives going forward. So with that, I'll go on here. Quick overview on the agenda here. So I'd like to start off with a little bit of background information on some of the key research drivers that we see in the electric sector, as well as some new trends that are happening in the security space. And then I'm going to briefly go over what are the changes to the electric power system and how is that also impacting how we view risk and how we take actions as cybersecurity experts. Then I'll also do a deeper dive on cybersecurity for electric power utilities.
So I'll be kind of taking the broad view of how we're addressing what tools are available to utilities that they're using for addressing cybersecurity. And I'll go from there to more of a deeper dive into cybersecurity for the integrated grid. And I'll explain what I mean by that as well as we get through the presentation. There are various terms for the changes in the grid and the future grid, you know, such as grid modernization initiative, there's smart grid, but the integrated grid is the term that EPRI has been using for several years. I'll go over that as well. First, a little bit of background about EPRI, if you're not familiar with who we are as a company. So EPRI conducts R&D, basically applied research and development related to almost all facets of the electric sector. So it's the generation, delivery, and end use of electricity. And we're an independent company. So we're not affiliated with any government institutions or national labs, and not affiliated with any vendors. We don't make products per se. I think sometimes people get us confused with some of the national labs or think we're an FFRDC, but we're actually, again, a separate private independent company. And we are nonprofit. And one thing that's interesting about EPRI is when we were founded 40 years ago, we were actually chartered to benefit the public. So in our research portfolios and our research projects, we have to clearly state how that research is going to benefit the public as opposed to benefiting the people funding the research or the agencies funding the research. Our members, our utility members represent 90% of electricity generated and delivered in the US. And I think when you talk to people, even internationally, they view EPRI as being a US company primarily, but we actually have members from over 40 or close to 40 countries now.
So we do have a large international footprint as well, which gives us a very unique perspective, I think, in really understanding the trends and technologies that are being deployed around the world. So in my research program, I focus on power delivery systems and that really covers everything from transmission down to end use devices. So it's transmission systems, distribution systems, control centers, distributed energy resources, grid edge systems, et cetera. So it's everything from the transmission down to the end use and end storage of electricity. Our program right now has close to 30 members from the US, but we also do have other international members as well from Europe, the Middle East, East Asia, and Australia as well. So within the security program, we also have a broad footprint, which again gives us a very interesting perspective on the types of threats that utilities face because we see different types of threat campaigns and threat actors that might target Europe as opposed to the US or target both or focus on other regions of the world as well. And there's a surprising amount of commonality in terms of things like the challenges that we face as an industry as well as the threats and technologies that we use as well. And so it really lends itself to this collaborative model where we can pool our resources, pool our expertise together to try to address these challenges. And through those interactions with our members, I can really boil it down to I think four main cybersecurity research drivers. And you can think of these as areas where utilities feel pressure points in terms of pushing them to address cybersecurity in certain ways. The first one, and what we hear a lot about is there's a much more complex threat landscape out there. And I'll cover that in a little more detail in the next few slides. But the threats to the electric sector and to the grid have increased in terms of sophistication and complexity and number over the last few years.
So of course that's high on our utility members' radars, but that's also been coupled with increasing attack surface. If you're not familiar with what attack surface is, you can think of it as how an attacker could basically interface with the system, how it can touch the system. So communications channels, your network channels, even physical contact with devices, et cetera. So we're seeing that attack surface increasing as well. Another area is this merger of IT and OT processes and technologies. And what I mean by that is traditionally utilities have been fairly siloed in terms of having their corporate IT systems and various business support systems fairly separate and managed by different groups than their groups managing the transmission and their distribution systems, for example, and they have separate technologies there. But over the last several years, we've seen, especially on the security side, kind of a merging of those IT and OT areas in terms of people, processes, and technologies. So, I think, more people who may have traditionally been IT security people are supporting their business partners for cybersecurity, but we're also seeing more technologies that were traditionally in the corporate IT space now being ported over to the operations technology space and control system space. So things like intrusion detection systems now have new capabilities to better help them monitor actual control systems so they can do things like understand the SCADA protocols and the behavior of systems, et cetera. So a lot of utilities are kind of looking at how to leverage those new technologies but also change their processes to adapt to that. Security of emerging grid technologies. And that's really, I think, a lot of the focus of probably the last part of this presentation is thinking about what are the new applications and technologies being deployed on the grid? How do they change the cybersecurity risk for utilities, for the grid as a whole?
And how can we help reduce that risk to an acceptable level while still enabling the innovation new technologies to be deployed? Another big one actually is not as exciting for some people but changing cybersecurity regulation is also a real driver. So there are regulations in the US that cover cybersecurity for the bulk electric system. Those are, I'll talk about those a little bit more later but those change over time. In fact, there's a new one focused on supply chain that's going into effect fairly soon. And then also there are some executive orders that are impacting industry as well that I'll talk about a little bit later too. So these are really, I think the core pressure points for utilities and cybersecurity. So really quickly just give you an overview of some of the threats that we're interested in and there's a lot of references out there you can find that discuss cybersecurity threats at a high level but also for the electric sector. So a lot of good resources out there like here I've referenced this report from the director of national intelligence and it's very clear and direct that our adversaries and strategic competitors will increasingly use cyber capabilities to seek political, economic and military advantage over the United States and its allies and partners. It's very, very direct about that. But also we see a new malware being deployed. Here's some quotes and references to a new data wiper malware that was found in January of 2020. So this year also to look at some more recent threats the COVID-19 has been really interesting from a security perspective. I think there's a quote that never let a good crisis go to waste. Well, I think hackers seem to take that to heart because anytime there's a big event or something like that they're very good at crafting phishing emails, et cetera, to try to take advantage of people and compromise systems. And also as so many companies move their workforces to work remotely very quickly. 
So also attackers were targeting VPN systems and just overall remote access and teleworking infrastructure as well. And here's some other quotes or references to new activities that happened in May and April out of North Korea and then also some other OT related systems that were targeted. Especially we talked with our advisors about how they've responded to the COVID-19 pandemic and transitioned their workforces to be remote as well. And they have also seen an uptick in phishing campaigns against them. So that also includes emails that look like they come from their trusted vendors as well. So phishing attacks are very good these days. And finally, another one I want to focus on was the supply chain threat. So I mentioned that there's new regulation as part of the NERC Critical Infrastructure Protection standards, CIP-013, that is related to supply chain threats, and that's going into effect this year. But in addition to that, there was an executive order issued on May 1st, which is Executive Order 13920. Got a link to it down here. Essentially, it's looking at threats that can come from vendors that may have ties to foreign governments, for example. And it's basically directed the DOE and other groups to put together criteria for putting particular equipment on what they call a pre-qualified vendor list. We'll also work with the industry to identify what is some of the prohibited equipment that's already in use and how can they help asset owners identify, isolate, monitor and replace the equipment as appropriate. And so this is fairly recent. There's probably more questions than answers on this. So most of us are gonna take a wait-and-see approach right now, but it's just an example of how quickly new regulations or new administrative orders like that can impact how utilities do business and how they address cybersecurity. So cybersecurity, it's a threat for a lot of different areas and sectors.
So what makes the electric sector, I guess, unique in terms of what are their challenges and how they have to address cybersecurity? And I think a lot of it comes down to understanding some of the differences between IT systems and these operations technology systems. So on this slide I've provided a couple of different areas where there's significant differences between your more traditional enterprise IT systems and the OT systems that actually support the operation of the grid. A big one is understanding the difference between the IT and OT cybersecurity objectives. And so there are three objectives within cybersecurity that we focus on. It's called the CIA triad: confidentiality, integrity and availability. And most of the controls and processes we put in place are there to support one or more or all of those security objectives at different levels. So on the IT side, a lot of the focus is on protecting data and protecting the confidentiality of that data. So confidentiality and integrity tend to be the higher priorities there and availability is a priority as well, but not always as critical. Whereas in real time systems like the ones that run the grid, availability is actually the highest cybersecurity objective. So keep the systems running, followed by integrity and, usually to a much lesser extent, confidentiality, because a lot of the main systems that run the grid do not have, I guess, confidential data. The focus is on SCADA data and operations data there. Jump around a little bit. Another one is the device customization. These are embedded systems that are out there on the grid. They are customized for a particular system, a particular operating environment. They may use unique hardware that's different than your traditional IT hardware, they're resource constrained in terms of memory capabilities and processing power, and also can use embedded operating systems that may be proprietary as well.
So that limits some of the security tools you can use with them because you can't use off-the-shelf security tools. Another area that I think is a very, very big difference is this long life cycle. So a lot of IT equipment, you may refresh that every two to three years to take advantage of better processing power and more memory. However, when you deploy equipment and systems out on the grid, those will be there for 15 to 30 years. And on top of that, you already have a lot of equipment that's been deployed. They have a large footprint of equipment that's also been out there for a significant amount of time. And so you can think from a security perspective, the challenges associated with trying to secure legacy equipment as well as new equipment, but also thinking longer term, how do we maintain security on these systems that have that limited computing power, or at least even if it's up to date now, will certainly feel very limited in 10 years there as well. So that also causes some challenges. So I just wanted to give you a little bit of that background information because I think understanding these threats and understanding the differences between IT and OT are really foundational to looking at what are the risks that we're trying to address right now for the grid. So now I wanted to spend a little bit of time talking about what are the changes that we're seeing on the electric power system and also how does that impact cybersecurity for the grid. So here, consider the very traditional electric power system where you have central generation that's running and then that basically pushes out electricity to loads. It's not static loads, but very predictable loads. So you have central generation basically supporting predictable consumption and electricity use out on the edge of the grid. So this is a historical model of how the grid has operated.
Now if we look at where the power system actually says looking forward, but depending on where you are, you find a lot of these technologies deployed today. And then some of them are a lot of them coming out in the future as well. And it's really just a dramatic difference here. And you've probably been, I guess, hearing in these seminars about some of the different technologies that are being deployed on the grid. But it really changes how we operate the grid. And so now generation, again, used to be centralized. Now it has to become more flexible. So generating plants need to be able to ramp up and ramp down to match demand. Transmission distribution systems, they're becoming more controllable, more resilient as well. And that's being driven by a lot of what's happening on the right side of this picture. And so it's very interesting to think about these changes as consumers are becoming energy producers. So now you have things like your solar panels on the residential areas as well as office space, et cetera. Also, loads are becoming more interactive and dynamic as well. And that means that you can have better demand response systems, for example, as well as energy storage systems deployed out on the edge of the grid. And to make this all work, it requires integrating a lot of sensors out on the grid, a lot of more equipment monitoring. And it's new grid, it's got a lot of great capabilities. So it gives you better visualization what's happening on the grid, better awareness. Also, and the goal is to really integrate a lot of these new technologies that are happening on the grid edge. So really integrate the distributed energy resources as well as these other grid edge systems. And so to make this happen, you can see it's going to require more telecom systems as well as cybersecurity really being part of that infrastructure to build this out. 
And you can think of this as being more like a system of systems, I guess, with multiple parties now taking part in the generation and use and storage of electricity. So get a huge, huge shift from where we were before, in terms of traditional way of running the grid, and then where we are now, where it's in very flexible, resilient, and dynamic for the power system. Let's see here. There we go. All right, so speaking about some of the threats that I discussed and also these changes to electric grid, how do utilities go about addressing cybersecurity for their systems? And there's a couple of ways to frame that. One you could think about is, what are the drivers for the security decisions in the electric sector? And some of these I covered, but here it's got a good summary of it, the emerging technologies and capabilities. So what are the new grid technologies that we're deploying, where the new business capabilities we're trying to add, and how do we secure those? Again, the reliability of the grid, how do we ensure that power continues to flow and get to the end users? And then if there is a cyber incident, how do we fight through that and maintain the level of resiliency in the grid? I mentioned the regulations as well. Another is financial risk. So cybersecurity incidents can certainly disrupt operations. They may increase liability for utilities and also data privacy. So earlier I mentioned that confidentiality was not quite as high of an objective for utilities in the past. However, when you think about some of the technologies being deployed on the edge of the grid, like smart meters, for example, smart meters allow utilities to collect much more granular data about the electricity usage of their customers. And with that comes some privacy concerns. If the utilities also interfacing with other systems like DER systems, demand response systems, et cetera, there could be some other data privacy concerns as well. 
And so that's a little bit of a newer concern for utilities. But definitely that's up there in terms of what drives their cybersecurity decisions. So to frame how they think about and how we think about cybersecurity in the electric sector, there's no shortage of frameworks. There's no shortage of documents and guidelines and recommendations out there for cybersecurity. In fact, it can be very, very overwhelming when you're first starting to get into this space. So with this slide, I wanted to help break that down for you all so that you can see and maybe understand a little bit better some of the different aspects and functions that we're trying to support in cybersecurity. So one starting point is what is your overall framework for cybersecurity? So your framework really drives how you create and govern and implement your cybersecurity program. So NIST actually developed a cybersecurity framework for critical infrastructure a few years ago. It's on, I think, version 1.1 right now. And that document has been, I think, adopted fairly widely now by utilities, especially in the US in terms of leveraging it as a framework for assessing their security program, looking at the risks, developing profiles for where they are now in terms of security functions and capabilities and where they want to be in the future. And so if you wanted to take an interesting document to start with, that's a little more approachable, I think the NIST cybersecurity framework is a good place to start because it's fairly high level there. And so it tells you a lot about what you should be doing, what are objectives you should be looking at, and it doesn't say how to do them. So there are various documents that look at mandatory and discretionary requirements for a cybersecurity program. That's where you get into more of how you're going to support the objectives and the framework there. So I mentioned earlier that we do have mandatory cybersecurity regulation for the bulk electric system.
That's this NERC CIP, NERC CIP here. And that, again, covers bulk electric systems for its generation as well as transmission systems. It does not cover distribution systems. And that's actually a really key point when you start to look at cybersecurity for the integrated grid and for grid edge systems. The current regulation covers the bulk electric system. And it's basically a set of security standards that are meant to develop and create a baseline level of security for the grid. So you can go beyond the requirements and you're encouraged to go beyond the requirements, but the idea is to basically set a floor, so a minimum bar there, and utilities in North America can be audited against these requirements. And they come with some pretty hefty penalties for violating them. So if you are found through an audit to be violating some of the NERC CIP standards, you can be fined up to a million dollars per day per violation. So that's a fairly significant penalty. So that certainly takes cybersecurity and puts it up fairly high in terms of enterprise risk for utilities, at least for the systems that support the bulk electric system. As well, if you Google NERC CIP fines, you can see where different companies, especially in the last two or three years, have actually started being fined multi-million dollar fines for violations with NERC CIP. So definitely pay a lot of attention to those standards. Some of the discretionary requirements, this is where you get into various controls catalogs. They're out there; the NIST 800-53 is a very popular one in the US. Then also there's IEC standards like 62351, which focus on some particular smart grid technologies, as well as IEC 62443. And again, those are more discretionary ones, but they give you guidance on how to implement controls and what controls you should be looking at. Then another component is, how do you actually manage your overall security program? And a common standard for that is this ISO 27000 series.
And again, that's really looking at your information, security management system. So that's how you actually are operating, the security program there. And that's very commonly used around the world actually. And then also there's the cybersecurity capability maturity model, which the DOE developed a few years ago. And a lot of utilities use that to look at basically how mature are they in their various processes and capabilities within different parts of their company. And the reason for that is because cybersecurity is not something that's a one and done thing. You don't just go deploy controls and then call it a day. It's supported by a lot of processes as well. And those processes are things you can mature over time, as well as your overall cybersecurity capabilities. And so these maturity models help you track that and decide where you want to be in terms of your overall cybersecurity maturity as well. And so again, it can be quite a landscape to look at and try to learn when you're first getting into cybersecurity for the electric sector here. But at the end of the day, it's also important to remember that cybersecurity isn't there just as its own end, I guess. It's something that's there to support the mission of the business. So it helps support again the reliable generation and transmission delivery and use of electricity, at least for utilities there. So these things are actually tied to your business objectives, but cybersecurity is a discipline and a practice. And so it does take a little while to get up to speed and really learn it in depth. So to help, I think take that down to a level that's a little bit easier to understand. Thought it might be useful to look at the NIST cybersecurity framework. And again, I think it's very popular with a lot of our utility members. And one of the things that's very straightforward in how it breaks it down. And so it divides security into these five function areas of identify, protect, detect, respond, and recover. 
Then pairs that with different categories of activities and then subcategories that aren't listed here, because there's a lot of them, as well as various informative references to help you achieve the objectives in the NIST cybersecurity framework. So as you see, there's a lot here, but it's really very practical when you go through and actually read what it is it's trying to tell you to do. So let's pick governance, for example. So governance could cover how is your cybersecurity supposed to be organized? How are you assessing it? What metrics are you using to assess your security program? Risk management and risk assessment and risk management strategy. So are we accurately assessing and monitoring and communicating risk? And I think that's a big question when we start looking at the integrated grid and some of the new technologies that are being deployed, making sure that we're doing that properly. Within supply chain risk management, do we trust the equipment we're deploying? I mentioned that's become a very hot topic in the industry in the last two years in looking at potential attack vectors for the grid, and there's lots of examples of counterfeit equipment coming out onto the grid. You can also find some examples of potentially more targeted equipment being deployed as well or things moving into that supply chain. So a lot of utilities want to ask themselves, do we trust this equipment? Do we trust the processes that our vendors are using to secure their equipment as well? There's a lot of activity happening in that space, and also, are we mitigating risk from third-party service providers? So in some cases that could be cloud providers, for example, if we're using cloud services or some of our vendors are using cloud services, are we mitigating the risk from that? I mean, managing access control. So how do we manage passwords and remote access to field devices?
Utilities, they have large fleets of substations that have thousands of devices that they have to be able to access remotely and be able to manage those passwords in an efficient, effective way. Also looking further down at the protective technology, do we have the right architectures and technologies to protect these OT systems? And this is an area that we do a lot of work in, looking at security architectures for new grid applications and making recommendations on guidelines and controls to help utilities protect their OT systems. Also looking down to the detect area, do we have visibility in our OT networks and devices? That's an area that we've seen a lot of movement in the last few years. I mentioned earlier that there are new intrusion detection systems available now that better understand OT systems. And so more of them are being deployed, but historically, there's been a lot of dark parts of the OT networks that may not have been monitored. So utilities are asking themselves, do we have visibility into the network, so we know everything that's going on there? And then also are our tools configured and effective for these OT systems? Do they understand the processes? Do they understand the protocols? How do we reduce false positives when we're trying to deploy these systems in the OT space? Then if there is an incident, can our operators identify and respond to a cybersecurity attack? Do they know what to look for? This is actually a very challenging area. SCADA operators are not cybersecurity experts, but they may be the first ones to notice if something unusual is happening on their systems or on their SCADA systems in particular there, but it can also be very difficult to determine if something is actually a cyber attack or if it's a device that's malfunctioning, for example. And then if there is a cyber incident, do we have the right forensics tools and capabilities to even determine which devices have been compromised?
I mentioned earlier that there's a lot of proprietary operating systems and applications in use in these devices. So you can't just use your off-the-shelf forensics tools when you're doing your analysis as you're responding to an incident. So these are just a few of the areas, but I wanted to take a moment to translate what these high-level categories mean in terms of practical questions that we're looking at in our research and that utilities have to address on a daily basis. So to help address some of these questions we do, again, research in a lot of different areas in our cybersecurity program. Over time we've developed a fairly holistic program to look at transmission, distribution, security for DER and grid edge systems, as well as incident threat management. And we publish a roadmap every year where we look at what are the future states in cybersecurity that we'd like to achieve as an industry and especially from the perspective of electric power utilities. What are the gaps to get there and then what are the actions to help achieve those future states? And so I'll provide you a link here for our roadmap, and our roadmap doesn't just look at power delivery systems, it also includes some of our cybersecurity activities that are focused on the generation sector, the nuclear sector, as well as some cross-cutting areas like security metrics and supply chain security. And so I'd encourage you to, if you're interested in learning more about the challenges and where we see some of the research going at a very detailed level, at least from the utility perspective, I think it's a good reference document. It's freely available. Anybody can go download it and take a look at it. And it gives you a summary of research we've done in the past, what we're doing this year, and where we see things going in the next two to three years as well.
So we've covered a lot of material. As I mentioned at the beginning of the presentation, I wanted to give a little bit of background on some of the drivers for cybersecurity. Then talk a little bit about changes that we're seeing in the electric power system and then broadly talk about what are some of the challenges and resources for the electric sector as a whole before diving into cybersecurity for the integrated grid. We'll talk a little bit more about some of these newer technologies and applications. But before I do that, since we have covered a lot of material up to this point, I wanted to pause here to see if anybody has any questions. Thank you, Galen, for making a quick stop here. And for the audience, if you have questions, please click the icon, which is raise a hand. I'm going to unmute you so that you can ask some clarification questions. Okay, seems not, but we do have one question on the Q&A. Part of the question is about, I think you touched on it a little bit at the beginning and you may elaborate a little bit more when you discuss the integrated electrical grid for cybersecurity. The question is, why can't IT associated with OT be segregated or separated to overcome some of the challenges with upgrade cycles and the resource limitations? Okay, you repeat that by measure out. So the question is, why can't IT be separated from OT to help with some of the challenges around the refresh cycles and what was the rest of the question that... Race also may be teaching. Resource limitations, right. So in general, utilities do have some separation between their IT and OT systems. They're usually not air gapped. That's a term you might hear in the industry and it's I think a bit of a myth. I don't know that many utilities actually have a true air gap between their IT and OT systems.
A few do, but most don't go quite that far and there's a lot of business reasons why they don't have them completely air gapped as well in terms of how they leverage data from the grid systems there as well. But they are segregated and the interface between IT and OT systems is fairly controlled there. So you usually won't have any SCADA systems on the internet, for example, or easy access from the IT side over to the OT side. Again, that's fairly controlled there. And so I think that helps with some of the more internet-based threats like you might get from phishing emails, but certainly not impossible for a very determined attacker to potentially pivot over to the OT side, but it's fairly difficult there. And so that does help provide a really good amount of protection and reduce the risk. But I think some of the challenges that we're seeing is I mentioned the growing attack surface, that out in the field, you have more field area networks being deployed, have a huge variety of communication technologies out there from microwave systems to cellular systems to find Wi-Fi out there, ZigBee systems, et cetera, as well as the fact that some devices are not as physically protected. So you have a lot of pole-top devices. You have devices on the side of somebody's house, for example, if you think about smart meters. So having that separation helps between IT and OT reduces some threat vectors and attack vectors. Again, now on the OT side, you're looking at the integrated grid that you definitely have a big increase in that attack surface there as well. And so that's also what we're concerned about. And so I think having those limited capabilities for doing things like encryption or authentication can be a challenge moving forward. Hopefully that answers the question there. Any other questions? Yeah, let's move on. So we can ask. Okay. Great. All right, so yeah, just a few more slides here. I know it's about 14 minutes left for the seminar. 
Wanted to make sure I have some time at the end as well to pause for questions. But right, focusing more on the integrated grid. And again, that's the term that some people might call the smart grid. For example, I like to think of it even more as an integrated grid because they're trying to integrate a lot of these different technologies and players into the grid. And which provides a lot of benefits, but I think it provides a lot of challenges, several of which are listed here. So these are challenges for, I think mostly grid edge systems. So one is this diverse ownership and management of distributed energy resources. So we have some DER systems that are utility owned, operated and managed, but then you also have a lot of customer owned as well as third party managed DERs. So these could be things like PV on your house, for example, could be storage in a home, electric vehicles, home energy management systems. You could think of building management systems for commercial buildings. Those could be controlled by third party. We have solar aggregators that could manage large numbers of solar panels as well. And so it's really become a very, again, diverse area. And the main challenge of that is when you look at it from the security perspective, it's not clear what everybody's responsibilities are in terms of cybersecurity. So as you may remember from the early part of the presentation, there's a lot of activities, processes, technologies, and functions that go into supporting cybersecurity here. And utilities will secure what they own and operate. But now you have these other groups as well that are actually managing systems that could impact the operation of the grid. But we may not know how they're actually securing their systems. So again, you have this lack of clarity and responsibility. So you can think about who's responsible for things like deploying patches, who's tracking vulnerabilities for these grid edge systems. 
If there's an incident, whose responsibility is it to respond to that incident? And if you are responding to an incident, how do you coordinate that across these different groups here as well? So I think that's an area that we definitely see some challenges. And also just the pace that these technologies are being deployed. It's accelerating fast. And there's a lot of new technologies going out. There's new functional entities. I mentioned aggregators. There's also pressure for low cost solutions. So, which usually doesn't support economics of cybersecurity very well when people are more interested in things like time to market or their particular profit margin. Well, that can sometimes impact how security is managed from the vendor perspective. And then also there are, I think like established standards for these grid edge systems. So a lot of the companies that are working in this space are not necessarily security experts. Some of them are fairly new companies. So we may bump into lack of security knowledge and best practices. But ultimately, at the end of the day, what we're concerned about is that we think this is increasing uncertainty into the cybersecurity posture of the grid. And the part of it is just not knowing how these other parties are architecting their networks, how they're doing their access controls and what security controls they're deploying as well. So it's something to think about and I think from the utility perspective, there's only so much you can manage and control on that as well. In addition to that, when you look at some of the specific grid edge systems, there are standards gaps in this space. So here I've just highlighted three different standards and rules that are out there that are related to DER and grid edge systems. One's IEEE 1547, the DER interconnection standard. 
And so it really focuses on interoperability and it does specify some mandatory protocols that need to be supported at a smart inverter's local communication interface. And it specifies that it should use IEEE 2030.5, DNP3 or SunSpec Modbus. Now, if you're familiar with these protocols, you'll know that DNP3 and SunSpec Modbus do not have security built into them. It's only the IEEE 2030.5 that requires, I guess, a secure communication there. But it really also doesn't, as a standard, the IEEE standard itself doesn't directly address cybersecurity for communication protocols, cybersecurity for smart inverters or the interfaces, at least not in this current form there. And also in California here, there's California Rule 21, which looks at these generation facility interconnections. And so if you look at the graphic on the right side here at the very top, you can see the Rule 21 recommendation, which again is this like interconnection between the distribution system operator, for example. And here we just use the aggregator system in the cloud as just one potential interconnect there. And it does specify, I would recommend the 2030.5 there, but as you can see from this large red circle here, that does not drive any requirements for how an aggregator might interface with the smart inverters themselves or any security controls on that. And that doesn't mean that there aren't security controls being implemented, but they're not required. And because these are proprietary systems, we just don't have a lot of information or insight into how those connections are being secured. So a utility can specify cybersecurity and privacy requirements through a DER interconnection agreement. So that's one tool that they have to drive some security requirements. And that can be helpful in some types of interconnects, could be helpful for other systems like microgrids, for example, that could connect to the grid. 
There's some tools, but then again, there's just a lot of connections and unknowns out there as well. So I mentioned that IEEE 2030.5 is recommended under Rule 21, but if you really dig into that standard and you have a background in security or PKI, you'll notice that the model that's proposed in 2030.5 actually has some cybersecurity risks that are inherent in the way it's been developed. So for one, there's no ability to do certificate revocation on it, which is a very important aspect of doing a PKI. Being able to revoke certificates can be compromised. And then also this risk of CA collapse where you can allow root CA signing for end devices as well. And so that's another challenge that we've raised some awareness on that's looking at being addressed right now as well. And so it's kind of interesting when you first look at it, you might say, okay, I see some secure protocols that are recommended out there, but when you actually diagram out the systems, look at the different connection points and how the technology is really being deployed. Again, you see some gaps in terms of known security requirements out there and security regulations as well. And so that's something that we are very interested in and focus on a lot in our research. Transferring to the next slide. So I do want to mention and bring your attention to some of our research projects and activities to help address cybersecurity for the integrated grid and for these DER and grid edge systems in particular. And it can be pretty overwhelming at first when you first look at it because of all the different technologies, applications and players that operate in the DER and grid edge space here. So we've looked at a security architecture for the DER integration network. And I put a little star by that one because this report is available at no cost. So you can go to epri.com, type in this title and you'll be able to grab that report and download it. And I think these are live links in here as well. 
And so you can grab that once the slides are available here. But then we're also looking at a lot of different aspects of these systems. So looking at grid security for end-use devices, making recommendations on how those devices should be secured. So end-use devices could be things like smart thermostats, home gateways, et cetera. Also, energy storage is a big area as well. And there's a lot more storage being deployed in California and across the grid in general. And so last year we looked at what are some of the recommended guidance and considerations for cybersecurity related to those systems. Then in this year and next year, we're continuing the work we're doing but also expanding out to look at cloud security for DER and grid edge systems. A lot of these, a lot of them, but some third party companies already use cloud services to manage these grid edge systems. So we look at security architectures for that as well as DER network gateways to help control the integration of smart inverters as well as hardware security for smart inverters. And then finally, working on it, making recommendations to help address and to help understand some of the security challenges with 2030.5 and how they can be addressed. So those are areas that we're looking at and how we're trying to help address some of the security challenges. Here I wanted to list some future research directions for the integrated grid. And this is broader than just utilities. This is more industry, I think industry issues that we need to look at. Some of these I've referenced already, like really understanding cybersecurity roles and responsibilities across all of the industry stakeholders in the integrated grid. So that's vendors, aggregators, utilities, these various other third party management systems, et cetera. Making sure we actually understand what their roles and responsibilities are as it relates to cybersecurity. 
Also, I think we need to adopt a more comprehensive cybersecurity framework for the integrated grid that really addresses all of the functions in the cybersecurity framework that identify, protect, detect, respond and recover. We spend a lot of time looking at protection in these protocols and other architectures that are being recommended right now. But again, security has to support all of these functions and we need a better more comprehensive framework for that. Also, I think an interesting area of research would be developing what we call multi-party grid risk model. So how do we understand the risk from these third parties if they're compromised? How can that impact the operation of the grid? I think that's not well modeled and understood right now. And then in supporting the first two bullets, creating a framework for collaborative security management. And so this was right away for a regular utility or others to basically track the cybersecurity tasks among all these different interconnected systems and third parties as well and be able to demonstrate and know are the different participants in the grid actually supporting the roles and responsibilities that they have as part of this overall integrated grid as well. I think that's a fascinating research area myself in terms of how you might be able to automate that, how you incentivize people to do that as well as brings a mix of economics, technology and policy. I think as well, if you want to try to design something like that. But I think as an industry, not just everybody, but as an industry, that's something that we really need to look into, I think to make sure we have a very secure grid going forward. So with that, I'll crash it down to one minute. So I apologize for that. I'm pausing it for any other questions. There's some questions on the Q&A. Let me pick a relatively simple one, but I think it's very interesting one, especially for a lot of students that may not have experience in this area. 
So can you give me a more specific example about the potential risk for the integrated grid, potential cyber risk for the integrated grid? And you mentioned the attendees list one thing which is, hey, for example, if the cyber hacker into my solar panel system, what they can do with that? Right, that's a great question. And if I had to pick one specifically, I think looking at the solar panels, in particular looking at aggregators of those systems. So if an aggregator can directly control or curtail generation by leveraging a connection to smart inverters, they could actually control the amount of solar generation that's happening across the systems that they support. These aggregators can also do firmware updates as well. So imagine if an aggregator were hacked, then somebody were able to basically control those systems, then they might be able to curtail the power production or turn it back on. And depending on the level of PV penetration in the service territory, that could have a significant impact on the distribution system. It may not be enough to, quote, take down the grid, but certainly on the distribution level, I think it could cause some real problems there. But again, that's probably a specific example. And that hasn't happened before, but if you want one that's easy to relate to and understand, that would be one that I would be concerned about. Thank you, Galen. Thank you very much. And I think I received a lot of questions regarding where we can get to the recorded video. And I want to type an answer on the chat. And if anyone, if anybody interested, you can go to any of the last time for that EDU Bits and Watts. There's a tab, which is events. You go to the past events, you will be able to see all the recorded webinars in last five talks. And here is Galen's contact information. And so if you have any follow-on question, feel free to reach out to him. Thank you, Galen again. 
And last but not least, I want to especially thank Wahila, Wilkie, Chin Wu Tan, and Mohamed Rasli. I'm not sure you guys be able to see them from the Zoom, but they are a smart grid coordination team. And for all the audience attended, you receive the email from them and a reminder from them to attend this webinar. And also they're responsible for coordinating all the speakers regarding the practice session and the logistics. This is new to them. And historically, we all conducted a smart grid seminar from the physical meeting and workshops has been run and Chin Wu has been running that for five or six years. This is the first ever, we moved the whole quarter a seminar to the webinar form. I want to especially thank all of you, spend a lot of time to coordinate and make this happen. Thank you. And also thank our audience. And if you're interested in the future events, you also can go to the Bits and Watts website. We partner with EPRI with the support from VMware. We have a special virtual workshop. It's 90 minutes each day, three days long, talk about integrate customer DR, what is the standardization, what's the security issues and the integration issues, all of these things. Okay, thank you everyone. Good afternoon.