The Minnesota Department of Commerce, Division of Energy Resources retained Synapse to support its exploration of privacy and security issues related to Minnesota utilities’ hosting capacity analyses (HCA) and distribution grid data. As with other jurisdictions modernizing the grid, Minnesota seeks to balance the data access needed to support distributed energy resource (DER) uptake with maintaining a secure grid that protects the privacy of customers.
Xcel Energy (Xcel), Minnesota’s largest electricity provider, has made its HCA available via an online map, but blurs the display of the data in a way that does not reveal discrete circuits, and provides less system information. Xcel claims that an unblurred map would make the distribution grid unnecessarily vulnerable to attack and would jeopardize customer security and confidentiality.
Synapse wrote a report stating that Xcel should unblur its HCA map and place it behind a verified web login portal that is open to the public. In reaching this conclusion, Synapse noted that:
- Location information on distribution facilities is likely already in the public domain
- Various tools exist to help map distribution lines
- Providing distribution line information provides significant value to DER developers
- Focusing on strengthening the grid’s physical and cybersecurity defenses, and increasing grid resiliency, is more effective at deterring attackers than concealing information.
For sensitive grid data, such as peak substation and feeder loads, which is currently not provided on the HCA map, Synapse recommended applying a risk/cost-benefit framework to balance grid security with the public benefits of HCA map data. The framework could help determine whether specific, sensitive grid data should be published on its HCA map, and how secure access to this data should be provided. Synapse suggested that Xcel consider a tiered-access approach that helps streamline access to non-public grid data and does not make requirements unnecessarily burdensome.