Multidisciplinary team wins NSF award to study potential cybersecurity & privacy risks of distributed energy markets

Peter WilcoxenAs the traditional, centralized way of producing and distributing electricity gives way to a future of decentralized, “smart” energy production and consumption, so policymakers, producers, and regulators must understand the security and privacy risks inherent in “distributed” energy production and in encouraging consumers to better manage, even produce, their own energy. 

That’s why an interdisciplinary team of Syracuse University cybersecurity, engineering, economics, and law experts are conducting research into various “two-way, distributed” energy market designs to assess potential security and privacy risks inherent in each and the trade-offs between reducing risk and optimizing market performance. 

Funded with a $344,184 grant from the National Science Foundation, the team is drawn from Syracuse University’s School of Information Studies (iSchool), College of Engineering and Computer Science (ECS), Maxwell School of Citizenship and Public Affairs, and College of Law. It will employ mixed methods to conduct the market assessment, including interviews, market structure and data flow modeling, simulations using real world electricity use data, and security threat analysis. 

“In the ‘smart grid’ electricity and information will flow back and forth among households, businesses, and small producers,” explains Jason Dedrick, Professor of Information Systems at the iSchool and the project’s Principal Investigator (PI). “Consumers will be able to create their own power and sell it back to the grid, while information about demand, supply, and performance will flow to and from appliances, electric cars, and solar cells and other local generators.”

But, observes Dedrick, there are significant risks associated with the two-way, distributed smart grid. Networked appliances could be vulnerable to cyber attacks. High-speed, decentralized electricity trading will make it harder to identify fraud. And there might be opportunities for market manipulation, privacy breaches, and even physical damage to our national infrastructure. 

“The wide range of new participants and devices in a two-way, distributed smart grid creates many new cybersecurity vulnerabilities. Our goal in this project is to determine the degree of vulnerability of different market configurations and to identify resilient approaches,” says Co-PI Maxwell School Professor Peter Wilcoxen, Director of the Center for Environmental Policy and Administration. “Our research focuses on the different effects of privacy, security, and integrity measures on the operation of the grid and energy markets, including impacts on the stability of the gird, the privacy of participants, and the trustworthiness of the market—that is, can participants be confident that payments are fair and that prices are not overly volatile?”

The results of this two-year project will provide guidance to policymakers, regulators, and market participants so that an effective market can be designed for a two-way, distributed smart grid, one that incorporates necessary security and privacy protections without burdening the market’s function.

Dedrick will take the lead in collecting data on current and planned distributed energy markets and security policies, while Wilcoxen will lead the development, testing, and analysis of market simulation models. Cybersecurity risks will be analyzed by Co-PI ECS Associate Professor of Computer Science Steve Chapin, and Keli Perrin, Assistant Director of the Institute for National Security and Counterterrorism, will draft privacy impact assessments (PIAs) for proposed markets. 

10/17/16