Commentary by Jay Zoellner, CEO Kiwi Power.
The ransomware attack that forced one of the nation’s largest fuel arteries to halt operations earlier this month exposed critical vulnerabilities in the American energy system, and as the largest such attack in history, it raised serious concerns for the security of our energy infrastructure.
Supplying nearly half of all gasoline and jet fuel to the East Coast, the Colonial Pipeline outage reinforced the critical role of energy in our society because economic losses associated with a downed piece of critical infrastructure often extend far beyond the company that owns and operates it. Nationwide, gas prices jumped 6 cents a gallon to $2.96—just pennies short of the highest price per gallon in nearly seven years, and fears of shortages caused panic buying that depleted local fuel supplies within hours. Six days after the attack, some 80% of gas stations in Washington, D.C., still had “no gas” signs up, according to GasBuddy. Long-haul truckers, Uber and Lyft drivers, and first responders all faced concerns over the availability of fuel needed to carry out their operations.
The race towards global leadership in the 21st century hinges on energy security, which is defined by the International Energy Agency (IEA) as the uninterrupted availability of energy sources at an affordable price. President Biden’s recent executive order on cybersecurity rightly aligns American national security interests with the availability of resources available for consumption.
The order paints a sharp distinction between government infrastructure (a mixture of location- and cloud-based data/ops) and private enterprise (which almost always relies on robust, agile, and secure cloud-based data/ops). Many utilities are in the same condition as federal facilities, with hardware configured one-time onsite and on-premise servers. Public sector grid-edge hardware is often a standalone solution, meaning it is configured once and then left to run—whereas private enterprise benefits from the nimble ability to make updates and respond to change in real-time.
Shifting the energy system away from fossil fuels to distributed energy resources (DERs) will require unprecedented levels of electrification, digitization, and interconnectivity. Over the short term, industry anticipates additional risks to critical energy infrastructure as decarbonized electric systems that power an increasingly diverse set of digital assets—like household appliances and autonomous vehicles—connect to energy supplies through smart grids and the Internet of Things (IoT). Private enterprise has been developing these capabilities for some time. Cultivating a global market for grid-edge technologies that is expected to reach $6.5 billion by 2027, private players are well-equipped to handle the transition and defend against malicious attacks. They are also prepared to work hand-in-hand with public sectors to develop safe, secure systems that promote the flow of shared information pertaining to perceived threats.
Preventing the type of security breach experienced by the Colonial Pipeline Co. in the electric grid requires many layers of security. Now, more than ever, companies that offer distributed energy generation must ensure their hardware and software solutions are safe from attack. End-to-end data encryption, regular updates, and best-practice software protocols are all effective ways to prevent cyber attacks on grid control and optimization software. Moreover, these are ready-available solutions that offer governments worldwide the reliability and resilience associated with private sector standards.
Leadership in 21st-century energy cybersecurity requires unprecedented levels of public-private collaboration. In response to the Colonial attack, the Biden administration took immediate measures to ease shortages, including issuing a regional state of emergency. Still, long-term energy security will require a significant overhaul of the country’s energy infrastructure.
This attack is not an opportunity for pundits to pit fossil fuels against clean energy. Rather, it shows the vulnerability of both forms of energy to attack. To best protect against these types of threats, energy technology companies must work diligently to ensure their products are safe from attack by having the above security measures in place. More secure, more efficient, and more reliable energy systems depend on it.