Earlier this month, the Biden administration announced $20 billion in grants through the Inflation Control Act for climate change and clean energy projects across the country aimed at reducing or avoiding up to 40 million tons of carbon annually over the next seven years. The success of this ambitious investment will depend on an often overlooked but critical element: the cybersecurity of the clean energy technologies underlying these projects.
Critical sectors such as water, transportation, healthcare, manufacturing, and telecommunications have long been attractive targets for attackers who compromise insecure assets connected directly to the public internet to carry out ransomware attacks and state espionage. The intelligence community's recent annual threat assessment sheds new light on this challenge, warning that the Chinese government is pre-positioning in U.S. critical infrastructure to deter U.S. military intervention in regional conflicts.
In addition to this risk to large critical sectors, clean energy systems are significantly more distributed than traditional energy generation approaches. The latest additions to our nation's energy infrastructure range from large-scale solar and wind farms feeding directly into the larger power grid to small residential installations connected to local government grids. Investments at this scale will increase the sector's attack surface and make the energy sector an increasingly attractive target for digital threat actors. Implementing cybersecurity alongside these investments can make or break our nation's clean energy future.
Climate modeling, public policy, and innovation are driving large-scale and rapid changes in the energy grid, which must be complemented by cybersecurity policies.
We are currently living in a time of unprecedented change in the U.S. energy grid, driven in part by environmental public policy. Climate modeling, such as the 'Net Zero by 2050' report and the REPEAT project, strengthens national and international efforts to meet specific climate and clean energy goals and deadlines.
Together, the Infrastructure Investment and Jobs Act (IIJA) and the Inflation Control Act (IRA) will provide $30 billion in funding for these efforts, dramatically changing incentives and investments in clean energy, offsetting costs, and increasing adoption in commercial enterprises. Advances in technology are also making solar panels increasingly affordable, accelerating the development of smart meters, enabling the use of cloud services for load balancing, and increasing interconnectivity and adoption of these technologies.
However, the White House's recent announcement made no mention of cybersecurity, and aside from a $350 million state and local cybersecurity grant program, the IIJA and IRA have few provisions that explicitly permit the imposition of cybersecurity requirements on projects funded under the Acts. Given the alarming cyber threat environment, ambitious infrastructure public policies must be accompanied by equally ambitious cybersecurity and resilience policies.
As the energy grid evolves to accommodate clean power generation, transmission, and distribution, the cybersecurity of these distributed technologies must evolve with it.
From a governance perspective, the power sector is slow to change and oversight spans federal agencies and state regulators. Historical barriers to power grid modernization remain. The permitting process for building new infrastructure, from wind farms to high-voltage power lines, remains complex and time-consuming, and large-scale infrastructure projects are expensive to construct.
These barriers will only increase with the introduction of renewable energy technologies. More stakeholders need to be involved in the process, more assets need to be protected, infrastructure is more decentralized than ever, and energy generation is moving beyond large factories to homes and commercial buildings, some of it mediated by consumer Internet of Things (IoT) devices.
Anticipating this threat, several federal agencies are turning their attention to IoT cybersecurity and distributed grid technologies. The Federal Communications Commission recently unanimously adopted rules establishing the U.S. Cyber Trust Mark, which will allow manufacturers of connected consumer devices such as doorbell cameras and home appliances to demonstrate compliance with a set of security standards. Additionally, the Department of Energy (DOE) has indicated its intent to develop security requirements tailored to smart power meters and connected inverter-based systems.
These policy initiatives coincide with a government-wide transition toward focusing on cybersecurity in product development and implementation, such as the Cybersecurity and Infrastructure Security Agency's (CISA) push to develop “secure by design” technologies and a similar program at the Department of Energy called “cyber-informed engineering.” Doubling down on these secure architecture programs is critical to ensuring that the range of existing and emerging renewable technologies does not introduce similar levels of vulnerability to our nation's energy grid.
In the long term, the energy sector needs coordinated and long-term cooperation to ensure that cybersecurity is a core tenet of clean energy.
Ensuring that cybersecurity remains a core tenet of the future clean energy grid will require close and frequent collaboration between the cybersecurity and energy grid communities over the coming decades.
Traditional public-private partnerships still don't routinely include representatives from large renewable energy and cloud companies, and cybersecurity governance and standards in particular still remain spread across many federal agencies, such as the Department of Energy, CISA, the White House Office of the National Cyber Director, and the National Institute of Standards and Technology. However, from the aforementioned CISA and DOE secure architecture programs to the Advanced Cybersecurity Grants and Technical Assistance Program for Municipal Utilities, which aims to help small businesses, utilities, and cooperatives strengthen their cyber defenses, the beginnings of a suitable policy exist.
There are many challenges ahead, and we remain hopeful for a national collaboration between climate policy, energy, and cybersecurity experts. Only then can cybersecurity become an enabler of a clean energy future, rather than a barrier.
Sarah Powazek is program director at the Center for Long-Term Cybersecurity at the University of California, Berkeley.
Steve Kelly is Chief Trust Officer at the Security Technology Institute.