img Opinions

Defending Critical Energy Infrastructure
img
ONC Editorial

Aug 08, 2023

The U.S. needs to restructure its renewable energy infrastructure with cybersecurity at the forefront. (The opinions expressed in this article are those of the individual author, whose information can be found below.)

As the electrical grid is becoming more and more digitized, the United States is undergoing a nationwide transition towards renewable energy. Critical energy infrastructure has always been an appealing target for American adversaries, and the latest threat is cyber attacks. 

Critical energy infrastructure defense has undergone a significant development, which makes it more efficient but more susceptible to cyber attacks. This development is the blurring of operational technology and informational technology. Renewable infrastructure incorporates both. 

For example, distributed energy resources  are electricity generators that are often connected to the Internet to communicate with the power grid. If communications are not encrypted, attackers can obstruct energy production. Other kinds of attacks include ransomware, in which a user is unable to access the system without paying an often monetary ransom to the hacker. 

A unique issue with cyber threats compared to traditional physical disruption is that since these systems are interconnected, having even one system be compromised could result in many other systems becoming infected. In a similar vein, an insecure supply chain can have drastic impacts even if the grid itself is secure. As a result, renewable energy companies need to be on the same page about their cybersecurity priorities.

One of the most critical mindset changes that needs to occur concerns the cost of developing cyber-secure technologies. Naturally, these processes will make for a higher upfront cost, and that may leave turn renewable energy companies off. 

However, the financial cost of a cyber attack can be enormous, and in almost every case it is worth the investment to keep systems secure from the outset. Even basic practices like frequently updating software, using multi-factor authorization (e.g., multiple passwords or third party security applications) and continually re-authenticating users can have a real impact. 

Moreover, renewable infrastructure needs to be constructed with cybersecurity in mind. Energy providers may be using networks based on legacy systems that are far too old to support modern software updates. If security is not an inherent aspect of design, it becomes difficult to simply add updates as threats evolve. 

The government has an important role to play in coordinating efforts across renewable energy sectors because there are so many different operators and consumers involved in the process. In fact, the U.S. Department of Energy recently released a National Cyber-informed Engineering strategy that includes 5 sections: Awareness, Education, Development, Current Infrastructure and Future Infrastructure. 

Having the government and the private sector collaborate on engineering solutions is critical, but it only solves a part of the problem. Any system is only as secure as its weakest link, and humans are always the weakest link when it comes to cybersecurity. Even seemingly obvious procedures like logging out of the network when done accessing a system remotely need to be reinforced because all of the engineering in the world cannot compensate for poor cyber governance.

Since renewable energy and cybersecurity will be intertwined for the foreseeable future, it is crucial that the government and the private sector cooperate to ensure energy security in the United States.

Vedant Vamshidhar is a rising senior from the University of Southern California studying Intelligence & Cyber Operations. He is interested in the intersection of cybersecurity and international relations, and currently works as a Governance intern for ONC. Outside of coursework, he is active in USC’s Model United Nations team and the Southern California International Review.

Sources:

“Securing Our Solar Future: How Clean Energy Can Be the Most Cybersecure, Reliable Technology on the Grid.” SEIA, 10 Dec. 2021, https://www.seia.org/blog/securing-our-solar-future-how-clean-energy-can-be-most-cybersecure-reliable-technology-grid

“Doe Releases Strategy for Building Cyber-Resilient Energy Systems.” Energy.gov, https://www.energy.gov/articles/doe-releases-strategy-building-cyber-resilient-energy-systems

“Solar Cybersecurity Basics.” Energy.gov, https://www.energy.gov/eere/solar/solar-cybersecurity-basics

comments powered by Disqus
Ads

Video Site Tour

ONC

Subscribe to ONC Newsletter.

ONC