Managing cybersecurity for renewable energy resources
Renewable energy systems are connected to the wider energy grid, which increases the risk of a cybersecurity attack.
President Biden declared January 27, 2021 to be Climate Day, and released a set of Executive Actions to address the Climate Crisis. The strategic goal of these policies is to “lead a clean energy revolution that achieves a carbon, pollution-free power sector by 2035 and puts the United States on an irreversible path to a net-zero economy by 2050.” It also directs federal agencies to procure carbon, pollution-free electricity and requires the government to “identify steps that can be taken to double renewable energy production from offshore wind by 2030.”
Cybersecurity challenges facing renewable energy projects
The renewables revolution poses new risks to power grid security. Renewable energy systems are connected to the wider energy grid, which greatly expands the attack surface and makes it more complex. However, expanding renewable energy resources will lead to increased cybersecurity risks. One of the issues this article cites is that the smaller, decentralized entities who are managing these projects often lack the appropriate resources to protect themselves from hackers. And it’s not just the smaller companies who aren’t taking cybersecurity seriously enough. The article also states that “established energy giants pivoting to renewables seem to be repeating past mistakes of adding cybersecurity as an afterthought — even as they make strides in cybersecurity in other areas.”
Unfortunately, there are few current cybersecurity requirements for renewable energy. The Federal Energy Regulatory Commission (FERC) and the nonprofit North American Electric Reliability Corp. (NERC) only create and enforce cybersecurity requirements for the bulk power system, and there are no specific rules for renewable energy assets. While major utilities conform to these NERC CIP requirements, there are no current guidelines for expanding coverage into renewable energy.
Although there are no regulatory requirements just yet, federal agencies are beginning to signal that they understand the importance of cybersecurity for this new frontier. In July 2020, the Department of Energy (DOE) released their “Roadmap for Wind Cybersecurity” plan, and in November 2020, they released their plan for improving cybersecurity in Energy Efficiency and Renewable Energy (EERE).
As noted in the article, “Advances in the connectedness and interoperability of EERE technologies require an increased focus on cybersecurity,” said Alex Fitzsimmons, Deputy Assistant Secretary for Energy Efficiency. “Cyber threats targeting EERE technologies present an immediate risk to the integrity and availability of energy infrastructure and other systems critical to the nation’s economy, security, and well-being. New technologies must be designed with cybersecurity as a requirement.”
Integrating cybersecurity into new renewables projects from the start, rather than applying it as an afterthought, is going to be critical for the stability of the electric grid moving forward. Investing in tools that provide comprehensive OT asset management capabilities to automate asset inventory data collection will be critical to achieve this. With the increased emphasis on renewable power by the Biden Administration, there are likely to be many new vendors creating products to support this expanding market.