A noted cybersecurity expert recently warned of cyberattacks on critical systems intended to “induce societal panic”, noting that the 2021 East Coast gasoline pipeline shutdown was merely foreshadowing what would happen if such an attack were executed on a massive scale. She painted a chaotic scenario in which Americans are unable to perform daily activities, and in which critical systems--even the water supply--cease to function.
If this language sounds extreme, consider that it came from testimony given by Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), to Congress.
The truth is that AI is increasingly driving the systems that tie together our decentralized energy grids. These systems are also forming the backbone of new business models such as virtual power plants (VPPs), demand-side management, and Energy-as-a-Service (EaaS). All this has the potential to bring numerous benefits to a broad range of energy stakeholders. In fact, without the use of AI it’s unlikely that we’ll make meaningful strides in reducing green house gas emissions, or expanding the benefits of energy to underprivileged communities and countries.
On the flip side, however, reliance on AI, as well as connected IoT networks, means that these systems are increasingly under attack by sophisticated fraudsters, pranksters or nation-state actors.. While in a past era disabling our energy infrastructure would have required physical sabotage carried out on-site, Internet-based operation means that--if proper precautions aren’t taken--it can potentially be disabled with a few keystrokes by hackers from anywhere in the globe.
Challenges in Data and Device Connectivity
Today, energy companies leverage connected devices and software from a variety of vendors. To appreciate the scope of platforms and solutions involved, consider that $5.7B, and a study from Guidehouse Insights indicates that by 2032 the electric utility software market may reach $37B. While the exact number of providers is unclear, a 2016 report, for example, identified thousands of vendors related to energy distribution.
This explosion in technology options has clear benefits in terms of keeping the cost of individual components down through competition, and in some cases meeting specialized needs. However, without the benefit of universally agreed-upon security standards, it also carries the unintended consequence of creating siloed systems. Additionally, energy companies may find themselves restricted by integration-related obstacles and vendor lock-in, which makes it difficult to upgrade or acquire better technologies.
Organizations that find themselves hamstrung by vendor lock-in, silos and integration challenges often have to sacrifice on numerous fronts. One of which is the ability to successfully implement AI, which must be able to access a wide range of systems.
Access to a full range of information, as well as the ability to facilitate collaboration between systems, is what makes it possible to make the kind of fully informed decisions required to optimize energy production, distribution, and other key elements of an efficient grid. Such access, however, requires consistent security and authentication between hardware and software systems. And there is a new risk emerging of getting locked-in to a particular AI from vendors as well.
Lack of standardization leads to security gaps
Lack of such standardization for these systems creates massive operational burdens by increasing development and operating costs. While it is not clear exactly how much burden it puts on the energy industry specifically, we do know that in general the ‘technical debt’ within the U.S.--or financial loss associated with relying on systems that no longer work, due to the problems we’ve been discussing--is estimated at $2.41 Trillion by the Consortium for Information & Software Quality (CISQ).
The problems areas focused on in the CISQ report, such as supply chain problems with underlying third party components, are direct results of the lack of standardization that is endemic to the energy industry. These problems, in turn, may increase energy prices and complicate efforts to meet decarbonization goals and data-related regulatory requirements for data privacy and storage.
However, higher prices and regulatory hurdles may represent a best case scenario for lack of standardization. The worst-case scenario involves complete disablement by hackers. If this sounds far-fetched, consider that at the same Congressional hearing referenced earlier, FBI director Christopher Wray described recent discoveries regarding a state-sponsored hacking group, Volt Typhoon, that had taken control of hundreds of routers in pre-operational information gathering. These, according to Wray, were conducted with the express purpose of preparing to destroy or degrade critical infrastructure, including the energy grid.
Benefits of Standardization
Granted, the conversation around security threats to energy infrastructure tends to be a dark one, when one considers the stakes. However, there’s a real bright spot to this discussion as well. The same procedures required to standardize security and interoperability will also provide a host of benefits, each of which is necessary to achieve many important objectives for the energy industry, such as pollution reduction.
First, it will facilitate collaboration in the energy value chain by allowing authorized humans and algorithms to freely exchange information. As Penn State professor of engineering Jacqueline O’Connor notes, collaboration across all aspects of the energy supply chain is a necessary step in increasing energy efficiency.
Furthermore, it will allow energy organizations to avoid many of the pitfalls and efficiency roadblocks that are common to all IT organizations, such as steep integration costs and vendor lock-in.
Additionally, standardization may drive cost-reduction by spurring supplier competition. If standards can be agreed upon, a wider range of vendors will have the opportunity to create hardware and software solutions that meet the needs of a wide range of organizations.
Conclusion
In summary, energy companies are entering an era of both greater danger and greater opportunity than ever before. As digital standards and interoperability are increasingly adopted and emphasized, the energy ecosystem will be positioned to not only maintain secure operating environments, but also to achieve new levels of efficiency and flexibility.
Florian Kolb is Chief Commercial Officer and General Manager at Intertrust. He has a 15-year career in a series of business leadership roles within the European energy industry. He is responsible for all of Intertrust’s product sales and business development activities, as well as the company’s initiatives in the energy and related industries. Kolb spent five years as CEO/Managing Director of innogy’s (initially RWE) Silicon Valley innovation group. In that role, he led U.S. strategic investments and innovation activities, including building and managing a strategic investment portfolio aimed at assembling technology assets for data-driven business models for the energy industry.
He also helped incubate internal start-ups at innogy, which led to the creation of DigiKoo and Livisi. In 2016, he founded Free Electrons, a global accelerator program now operated by a consortium of ten leading international utilities. Florian holds a Master’s degree in political economics from the University of Passau, Germany, and has participated in executive programs at INSEAD and IMD Lausanne
