The greener the grid becomes, the more vulnerable it is to cyberattacks, a new paper said Thursday.
More solar and wind being added to the grid requires more Internet-based controls, which creates the greater risk of being hacked, explained Mark Mills with the conservative Manhattan Institute in the new study.
Mills says America’s electric sector is facing “two revolutionary changes.” First, is the emergence of what he calls “smart systems,” or the smart grid, which promises a “vastly improved control and distribution of power across grid systems.”
The second change “is the pressure to add far more episodic (wind and solar) power sources that inherently require ‘smart systems’ linked to the Internet,” he writes.
The controls are required to help compensate for the fluctuations in electricity production that come with more solar and wind being added.
Communications technology is quickly migrating from dealing primarily with information and data to what Mills described as an “Internet of Things,” which enables the Internet to act as a direct conduit to the “physical world” — an on-off switch for the grid.
“This ‘cyberphysical’ transformation holds the potential for greater efficiencies, convenience, reliability, safety and predictability,” said the paper. But the risks of that transformation are growing faster than policymakers can keep up with, especially in the energy and utility sector.
The pursuit of environmental aims is forcing policymakers and regulators to ignore the “safety-first approach” they have applied to every other sector, said Mills.
“For everything from cars to aircraft to healthcare, regulators have emphasized a safety-first approach to technology. That has not been the case thus far with regard to ensuring the cybersecurity of America’s evolving electric grid,” he explained in the study.
However, he said the “head-in-the-sand attitude” of policymakers when it comes to protecting the grid is slowly changing. A cyberattack in Ukraine last December resulted in the first major successful “hacker-caused blackout” that severely crippled the country, leaving tens of thousands without electricity, Mills explained.
Another “red flag” went up in 2016 when Google discovered that Iranian hackers used a technique called “Google dorking” to hack a small New York dam’s electro-mechanical control system.
These are wake up calls that have the attention of the Justice Department and federal energy regulators who have begun running more frequent grid-attack simulations with the U.S. utility industry to harden the nation’s infrastructure.
Mills has his doubts that these actions will be enough.
The increased greening of the grid comes at the same time “bad actors” are growing their cybercapabilities, “and exactly when society is becoming increasingly dependent on electricity,” Mills said.
His paper concluded that current energy policy is running the risk “of creating the conditions for a perfect cyberstorm by prematurely pushing the Internet of Things onto grids to accommodate environmental goals.”
The paper recommended cyberpolicies that take seriously the risks posed by the greening of the grid in formulating legislation and regulations that address the threat.
“Sound grid-cybersecurity policy would therefore … slow — and, in some cases, halt — smart and green-grid transformation that increases the attack surface until adequate cybersecurity features are available and incorporated,” Mills said in his paper’s recommendations.
That may sound radical at a time when the Obama administration is pushing for ever-increasing amounts of clean energy on the grid, but federal regulators recently recommended that, essentially, a dumber grid is the better way forward when it comes to integrating more renewables.
The recommendations were made in the wake of the Ukraine attack in coordination with the Energy Department and Homeland Security.
The agencies explained that any point on the grid that could be used to hack into the system and disable the grid should not adopt two-way, machine-to-machine communications via the Internet.
At the same time, federal energy regulators are examining the reliability risks posed by integrating more solar and wind on the system. Without adequate backup from fossil fuels, in some cases renewables intermittency can pose the threat of increased brown outs and black outs, say regulators.
