Cybersecurity

Clean Energy Sector Ignoring Growing Cybersecurity Threat, Experts Warn


The looming threat of cyberattacks from China is intensifying in the United States. Already, incidences of attacks from Chinese spy agencies are increasing in the West, and Beijing could seriously escalate its cyber warfare tactics if it sensed any heightened threat from the U.S. or its allies. As such, increased planning and investment in cybersecurity is more important than ever across key U.S. industries. However, one of the quickest growing sectors in the country – the clean energy sector – has dedicated worryingly little attention to this growing threat. 

“If Beijing believed that a major conflict with the United States were imminent, it would consider aggressive cyber operations against U.S. critical infrastructure and military assets,” states this year’s Annual Threat Assessment of the U.S. Intelligence Community. “Such a strike would be designed to deter U.S. military action by impeding U.S. decisionmaking, inducing societal panic, and interfering with the deployment of U.S. forces,” the unclassified report continues.

The United States energy grid would be a prime candidate for such attacks, as it would certainly trigger panic and impede virtually every system that our society depends on for day-to-today functionality. But the energy sector is undergoing massive changes at the moment, rendering it vulnerable. A large-scale attack could take out large swaths of the power grid for days and even weeks in some parts of the country. The economic implications alone would be devastating.

The United States government is acutely aware of the scale of the threat to a nation as deeply digitized as ours is. The scale of the risk for the energy sector, which relies on connectivity, is particularly daunting. “In today’s highly interconnected world, reliable energy delivery requires cyber-resilient energy delivery systems,” states the U.S. Department  of Energy in a web page specifically dedicated to cybersecurity. “In fact, the nation’s security, economic prosperity, and the well-being our citizens depends on reliable energy infrastructure.”

But so far cybersecurity has been almost completely overlooked in the federal government’s push for renewable energy expansion and associated grid additions. Reporting from the Hill recently pointed out that the Biden administration’s recent announcement of $20 billion in clean energy incentives offered through the Inflation Reduction Act included no mention of cyber threats, and the criteria for winning those awards includes no requirement for cybersecurity measures. Cybersecurity experts consider this to be a considerable oversight. “Implementing cybersecurity alongside these investments can make, or break, our nation’s clean energy future,” The Hill states.

The changing nature of the power grid as it becomes increasingly dominated by renewables presents a mix of strengths and vulnerabilities to cyber attack as compared to more traditional grid systems. Renewable-powered grids are generally much more decentralized than those powered by fossil fuels, as more residences and communities can create their own energy. This wider distribution presents more resilience, but it also represents a greater surface area for targeting. In short, in a traditional centralized grid, “risk of hacking is lower, as there is only one central node to attack, but the impact of such attacks are extremely high.” 

Policy measures requiring critical safeguards will be essential to protecting the grid from attacks that could come at any time and with little to no warning. Coordinated efforts are therefore needed to understand and plan for the changing cyber vulnerabilities and resilience in our shape-shifting energy landscape. And the need for such stocktaking and informed political strategy is urgent. The failure to include such measures from the inception of these energy projects does not bode well for their security down the road. As a general rule, the electric sector is extremely slow to change and adapt due to a litany of bureaucratic hurdles and miles of red tape. Implementing cybersecurity functions after the fact will be inefficient and potentially tragically insufficient. 

By Haley Zaremba for Oilprice.com 

More Top Reads From Oilprice.com:





Source

Related Articles

Back to top button