In mid-March, a US government watchdog warned the White House that the country's electrical grid is becoming ever more vulnerable to cyberattacks from everything from terrorist groups to state actors-China and Russia were singled out as particular threats. The Government Accountability Office (GAO) report is just the latest indication that bad actors are increasingly attempting - and able - to disrupt energy systems the world over. The growing risk is primarily down to the digitalization, interconnectivity and transition to green technologies in critical infrastructure across the globe.
The green energy transition has created a greater surface area for malicious parties to attack, as well as providing a multitude of potential entry points into the systems in question. Meanwhile, the fact that many of the components most crucial to renewable technology are manufactured by Huawei and other firms with close ties to the Chinese state raises concerns over an unhealthy dependence on the Asian superpower - as well as the potential for Beijing to perform surveillance and sabotage through those self-same components. While certain governments (like the US) appear aware of the dangers, many others (including the EU) may be caught sleeping by the potentially disastrous ramifications of the situation.
A new threat landscape
The GAO report acknowledged that while the US has done a satisfactory job of policing the grid's power generation and transmission systems, it had largely neglected the risks associated with distribution networks. The interconnected nature of today's electrical grids (an average major power company in America operates 121 plants covering 94,000 miles of distribution, for example) means that if just one weak link is infiltrated, the whole chain could be compromised. A 2017 study demonstrated how a lack of segmentation between individual turbines meant that an entire wind farm could be hacked with relative ease, while a European incident in January 2021 showed that control of just 3W of the continental grid could cause outages across the entirety of its 873GW capacity.
With the proliferation of smart appliances and the IoT in our homes and businesses, these potential weak links are multiplying in number at an exponential rate. That has been reflected in a surge in attempts to leverage them for criminal purposes. In December 2015, an attack on Ukraine's power grid left almost a quarter of a million people without electricity; the problem was eventually rectified through manually resetting the control breakers - a solution that is simply not available to many western nations due to the automated nature of their setups.
Meanwhile, Mumbai suffered a serious loss of power in October last year, plunging homes, businesses, rail networks and even the stock market into temporary chaos. Most troublingly, the incident has been linked to border skirmishes between India and China, with a study suggesting that the outage was a warning shot fired by Beijing, proof that it has the capability to cripple India's electric grid if Delhi pushes too hard on geopolitical issues. According to research by cyber security specialists Recorded Future, Beijing directed a significant flow of malware into Indian infrastructure over the months preceding the outage, the vast majority of which has not yet been activated.
Renewable revolution not without its risks
The digitalization of electrical systems and the greater sophistication of their components is one risk factor, but it's not the only one. The green transition is also greatly expanding the surface area of the energy system that is vulnerable to potential attacks, while cyber security is often not a priority for the sustainably minded companies involved. At the same time, new concerns are being raised over the leading manufacturers of some key components in renewable energy systems. Huawei, for example, is the world's top manufacturer of solar inverters, with 22% of the global market share; indeed, Chinese companies make up over half (53%) of the entire industry. Given the reports of malicious incidents such as the Mumbai blackout and China's background in industrial espionage, it's unsurprising that alarm bells are ringing for many nations over the proliferation of Chinese components.
In the US, that ringing has been more prominent than anywhere else, where Huawei announced they would be shutting down their solar energy operations in June 2019 thanks to intense pressure on their business from American lawmakers. Indeed, even that move was not enough to appease the powers that be, with a cross-party group of senators writing to the Federal Energy Regulatory Commission to ask them to consider the ongoing threat Huawei poses to the country's energy infrastructure, given the company's ties with the Chinese Communist party and intelligence services.
Cyber security must be baked into strategies
Those major markets (including the EU) who have not yet taken the same similarly tough stance on cyber security in the energy industry must remedy their shortcomings with immediate effect. The hackers certainly aren't going to wait for them to get their house in order; a recent ransomware breach perpetrated against the Portuguese firm Energias de Portugal (EDP) is a troubling sign of things to come, while the fact that the energy sector is the number one target for cyber criminals (attracting 16% of all attacks in 2019) shows the scale and seriousness of the issue.
Barring problematic components (like those manufactured by Huawei) from energy systems is one important step in reducing the risk of electricity supplies becoming compromised, but it can't eliminate the threat entirely. Instead, cyber security must be viewed as part of the foundation upon which the energy systems of tomorrow are built, rather than an optional afterthought. Only through enhancing strategic intelligence of the threat landscape, integrating security features across all facets of a system and partnering with other at-risk parties in the industry can the energy economy pull off the prodigious feat of staying one step ahead of the criminals and keeping our increasingly technologically advanced grids safeguarded against infiltration or attack.
* This is a contributed article and this content does not necessarily represent the views of techtimes.com
