A lot of Digital Bond readers are not electric power professionals, so I figured some 101 on the electricity sector might be appropriate. One of the more fascinating, and least understood even by power professionals, aspects of electric power is the electric power market. As cyber security professionals, we have an obligation to understand how our clients make their money, so that we can give them appropriate recommendations on securing that cashflow (you know, outside of “do it or I’ll CIP you”).

The power market is a a bid based construct where buyers and sellers of electric power can exchange various electric power ‘instruments’, the most common being Megawatt hours (MWh), for money. A megawatt hour is a measure used to meter large amounts of power, and is equal to an output of 1 MW for 1 hour. Buyers bid into the market with their minimum price per MWh ($/MWh) each day, which is the minimum amount of money they will accept to generate. The intent is that generators take into account all their operating costs, and their intended profit margin, and compete against other generators doing the same thing.

After bidding, the market then ‘fills’ the expected daily demand starting with the cheapest sources first (called Least Cost Dispatch) with the bids from all the generators. The price paid to all the generators is then set to the price by the last bidder necessary to fill the demand. When it’s done ahead of time, this price is an estimated price based on forecasts (called the day-ahead price in some markets).

But, it’s not that simple. The electric power grid runs according to the laws of physics, not of humans, and needs some specific operating rules to ensure that it stays stable and reliable.

First of all, the market is security constrained, which is not what you cyber folks think it is. Security constrained refers to the ability of grid operators to limit the market approach when there is a reliability limit in place. Sometimes, systems work well for market purposes and there are few security considerations. However, when the system is at high load, has limited supply, or other system issues are present, the operator has the power to constrain generators to ensure reliability. A common constraint is limiting generator output due to transmission lines having reached limits (called congestion). Operators will either increase or decrease specific generation to balance and alleviate congestion, which obviously affects the price of electricity (called the spot price). Or, they will switch lines and components in and out as well, though a system reconfiguration is not something to be done lightly. There are other security constraints as well, most based upon the physics of the electric power system.

The last part of the electricity market handles the real-time component, which I’ve heard called a  spot market, or a real-time market. Basically, electricity demand cannot be fully predicted and accounted for, though it can be trended and forecast to an extent. When the forecast is different from the actual demand (notice I said “when”), the market must react by buying more power from generators. When the difference between the forecast and the real demand is small, then it’s often absorbed into existing production at nominally the same price. When the difference is high, then the price can quickly jump as new generators are added into the system. In these cases, the $/MWh can go from the mid-$30s up to several hundred dollars, and even into the thousands. This mechanism is also used when unexpected failures happen in the system, the higher the severity and the more unpredictable the event, the higher the price can rise. The spot is calculated in time slices, sometimes an hour, or 30 minutes, and even down to 1 minutes slices.

Different generation types bid differently. For instance, shutting down a nuclear power plant is an a supremely expensive proposition, so they usually bid in at $1 a MWh. This means they are almost always picked by the least cost dispatch model, and make whatever the market price is at the time. Base-load plants do a similar strategy, often bidding in at cost (or slightly below cost), taking advantage of spot price fluctuations to make a profit. Peaking plants are typically higher cost, and bid in as such, due to higher maintenance associated with cycling the units. Wind and Solar are special cases, and some markets have special rules to handle their inclusion (ERCOT is the one I’m most familiar with).

I hope this has been educational to cyber security professionals, and maybe even some engineers. This is a basic introduction to electricity markets in North America and a few internationally, but there are always local variations if you travel around. It’s also important to note that not everyone participates in a market, we also have the traditional utility model, which I need to discuss as well. As always, comments and questions are welcome below.