A Secure Energy Internet
Today, millions across Spain and Portugal have found themselves plunged into darkness. An unprecedented blackout has swept the entire Iberian Peninsula. Subway trains ground to a halt in Madrid and Lisbon, traffic lights blinked out, flights were grounded, and hospitals scrambled to keep critical systems running on backup power. Daily life has been paralyzed, the Spanish government has declared a state of emergency, and the cause of the outage, for now, remains a mystery.
This is a continent-scale reality check. In a single afternoon, the vulnerabilities of our interconnected, increasingly complex energy systems were laid bare for 50 million people.
After spending months cataloging vulnerabilities in the clean energy ecosystem—from insecure vendors to overwhelmed small generators to vulnerable prosumers, and most recently, algorithmic energy traders—I keep returning to a single question: what if we stopped trying to patch our way to security and instead reimagined the entire architecture?
What if we could design an energy system from first principles that embraces decentralization while building in security from the ground up?
The problem
In my last post on renewable energy traders, I concluded that
…these trades are likely introducing new classes of vulnerability into the energy grid. This doesn't mean we should abandon algorithmic trading. It means we should... amplify the upside risk of this technology, and manage its downside as best we can.
What would an energy system designed to amplify upside while managing downside actually look like?
Our current approach resembles someone trying to secure a house by adding more locks after each break-in—a reactive, ever-accumulating patchwork of fixes. But what if we could design a new house with security as a foundational principle?
A secure energy internet
I've been toying with a concept I'm calling the Secure Energy Internet. The basic idea is to reimagine energy infrastructure using principles borrowed from how the internet works—distributed, fault-tolerant, packet-based—but avoiding the internet's well-known security pitfalls.[1]
The core architecture rests on three pillars:
1. Cryptographically-secured power packets
Imagine every unit of electricity treated like a data packet—time-stamped, signed, and tagged with metadata about its source, carbon intensity, and reliability guarantees. These "power packets" would allow buyers and sellers to verify exactly what's being delivered, without requiring trust in central authorities.
Unlike the countless opaque transactions powering today's energy markets (remember all those trading vulnerabilities we discussed last week?), this approach creates transparency and auditability at the protocol level.
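To make the power-packet idea concrete, here is an added sketch (not code from this post or from any existing project) of a signed, time-stamped packet and the checks a receiving node would run on it. The field names, the 300-second freshness window, and the choice of a hash-based Lamport one-time signature (used so the example runs on the Python standard library alone) are all assumptions.

```python
import hashlib
import json

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen(seed: bytes):
    """Lamport one-time key pair: 2 x 256 secrets and their hashes."""
    sk = [[H(seed + bytes([b]) + i.to_bytes(2, "big")) for i in range(256)] for b in (0, 1)]
    pk = [[H(s) for s in row] for row in sk]
    return sk, pk

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret per digest bit. A key pair must sign ONE packet only.
    return [sk[b][i] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[b][i] for i, (b, s) in enumerate(zip(_bits(msg), sig)))

def canonical(packet: dict) -> bytes:
    # Stable byte encoding so signer and verifier hash identical input.
    return json.dumps(packet, sort_keys=True, separators=(",", ":")).encode()

def check_packet(pk, packet, sig, now, seen, max_age=300):
    """Return 'ok', or the reason the packet is rejected."""
    if not verify(pk, canonical(packet), sig):
        return "bad-signature"   # metadata was altered or the key is wrong
    if abs(now - packet["timestamp"]) > max_age:
        return "stale"           # outside the freshness window
    ident = (packet["source"], packet["seq"])
    if ident in seen:
        return "replay"          # same packet presented twice
    seen.add(ident)
    return "ok"

# Constructed sample data (hypothetical fields); real keys come from os.urandom.
SK, PK = keygen(b"constructed-demo-seed")
PACKET = {"source": "microgrid-17", "seq": 1, "timestamp": 1_700_000_000,
          "kwh": 2.5, "carbon_g_per_kwh": 41, "reliability": "firm"}
SIG = sign(SK, canonical(PACKET))

if __name__ == "__main__":
    seen = set()
    print(check_packet(PK, PACKET, SIG, 1_700_000_060, seen))   # first delivery
    print(check_packet(PK, PACKET, SIG, 1_700_000_061, seen))   # replayed
    forged = dict(PACKET, carbon_g_per_kwh=5)                   # greenwashed
    print(check_packet(PK, forged, SIG, 1_700_000_060, set()))
```

The verifier needs only the public key, so any buyer can check a packet without a central authority, and a one-time scheme means each packet needs a fresh key pair.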
2. Sovereignty-first microgrids
Each participating node (household, business, community) would be engineered to operate autonomously during failures. Local control algorithms and hardened communications ensure that critical systems keep running even when disconnected from the wider grid or internet.
This contrasts sharply with today's approach, where the more we integrate renewables, the more we create complex cyber-physical dependencies that can cascade into widespread failures.
3. Local-first markets with built-in circuit breakers
Energy trading would occur locally first, with surpluses and deficits resolving among nearby nodes before escalating to regional layers. Algorithmic circuit breakers would throttle price manipulation, while reputation systems would penalize unreliable actors.
This addresses many of the trading vulnerabilities I discussed last week—by designing market guardrails directly into the protocol, we could potentially avoid the "robot battles" that regulators fear.
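As an added illustration (not part of the original post or of any real market protocol), the sketch below clears a local order book behind a price-band circuit breaker and a simple reputation score, then reports what is left over for the regional layer. The class name, the 20% band, the reputation penalty, and the sample nodes are all assumptions.

```python
from collections import deque
from statistics import median

class LocalMarket:
    """Toy local-first market; prices in cents/kWh, quantities in whole kWh."""
    def __init__(self, band=0.20, window=5, min_rep=0.5, penalty=0.25):
        self.band, self.min_rep, self.penalty = band, min_rep, penalty
        self.history = deque(maxlen=window)  # recent local clearing prices
        self.reputation = {}                 # node -> score, starts at 1.0

    def admit(self, node, price):
        """Circuit breaker: refuse low-reputation nodes and out-of-band prices."""
        rep = self.reputation.setdefault(node, 1.0)
        if rep < self.min_rep:
            return False
        if self.history:
            ref = median(self.history)
            if abs(price - ref) > self.band * ref:
                self.reputation[node] = rep - self.penalty
                return False
        return True

    def clear(self, bids, offers):
        """bids/offers: (node, price, kwh) tuples. Returns (trades, escalated)."""
        bids = sorted(([n, p, q] for n, p, q in bids if self.admit(n, p)),
                      key=lambda o: -o[1])
        offers = sorted(([n, p, q] for n, p, q in offers if self.admit(n, p)),
                        key=lambda o: o[1])
        trades, i, j = [], 0, 0
        while i < len(bids) and j < len(offers) and bids[i][1] >= offers[j][1]:
            qty = min(bids[i][2], offers[j][2])
            price = (bids[i][1] + offers[j][1]) / 2   # midpoint pricing
            trades.append((bids[i][0], offers[j][0], price, qty))
            bids[i][2] -= qty
            offers[j][2] -= qty
            if bids[i][2] == 0:
                i += 1
            if offers[j][2] == 0:
                j += 1
        if trades:
            self.history.append(trades[-1][2])
        # Whatever could not be matched locally goes up to the regional layer.
        escalated = {"demand": sum(b[2] for b in bids[i:]),
                     "supply": sum(o[2] for o in offers[j:])}
        return trades, escalated

if __name__ == "__main__":
    m = LocalMarket()
    print(m.clear([("home_a", 12, 5)], [("solar_b", 10, 3)]))   # constructed orders
    print(m.clear([("home_a", 12, 4)], [("spoofer", 30, 10), ("solar_b", 10, 4)]))
    print(m.reputation)
```

Orders rejected by the breaker are dropped rather than escalated, so an out-of-band price cannot leak into the regional layer either.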
The upsides
There are several reasons why this approach seems promising:
It aligns incentives with security. Rather than treating security as a cost center or compliance burden, the architecture makes security a prerequisite for market participation.
It's modular and evolutionary. Unlike monolithic utility systems that require complete overhauls, this architecture could gradually expand alongside existing infrastructure—starting with microgrids and growing outward.
It creates proper redundancy. Today's grid depends increasingly on the public internet for command and control, creating a dangerous monoculture. This architecture creates separation between energy flows and control signals.
It allows for permissionless innovation. Just as the internet's open protocols enabled unpredictable innovations, standardized energy interfaces could unleash new business models and technologies we haven't yet imagined.
Obvious issues
While I find this vision compelling, I'm aware of at least five major challenges:
Physics doesn't care about your clever protocols. Electricity must obey physical laws regardless of how we structure information about it. Frequency stability, harmonic distortion, and physical line limits create constraints that data networks don't face.
Legacy infrastructure isn't going away. Any new architecture must interoperate with billions of dollars of existing equipment and decades-old protocols. The transition path is murky at best.
Regulatory frameworks move slowly. Even if the technology worked perfectly, navigating the complex web of energy regulations would require extraordinary patience and political capital.
Security-performance tradeoffs. Adding cryptographic operations to real-time energy systems creates latency and computational overhead that might not be acceptable in all contexts.
It's unclear who pays for the transition. Building new infrastructure has real costs, and the distribution of those costs across stakeholders isn't obvious.
Starting small
If this approach has merit, the sensible path forward isn't a grid-wide revolution but rather controlled experiments:
Laboratory validation. Build a hardware-in-the-loop test bed to prove the architecture works under stress, including cyber attacks and physical failures.
Regulatory sandbox pilots. Partner with forward-thinking regulators (like those "regulatory sandboxes" I mentioned last week) to test small-scale implementations in controlled environments.
Focus on underserved use cases first. Rural communities, island microgrids, and developing regions without established infrastructure might offer better testing grounds than attempting to retrofit mature markets.
Open questions
This concept raises as many questions as it answers:
How do we properly value resilience in market mechanisms? Current markets rarely price this correctly.
Can we create verification systems lightweight enough for resource-constrained devices?
How would emergency overrides work in a decentralized architecture?
What's the minimum viable scale for such a system to demonstrate its advantages?
How do we prevent new forms of market manipulation that might emerge?
But perhaps one question lingers in my mind above all others: is secure-by-design the right goal for grids?
Throughout this blog, I've documented countless ways the clean energy transition introduces new security risks. The question remains: Is it possible to design security into our energy systems from the ground up, or are we destined to keep patching vulnerabilities as they emerge?
The Secure Energy Internet concept represents one potential path, inspired by internet architecture but hopefully avoiding its security pitfalls. I'm skeptical of silver bullets, but I'm equally skeptical that our current trajectory leads to a secure, abundant energy future.
This week’s unprecedented blackout across Spain and Portugal, one that left millions without power, halted metros in Madrid and Barcelona, and even forced a state of emergency in parts of the Iberian Peninsula, makes these questions more than theoretical. When a single grid event can cascade into chaos for 50 million people, it serves as a stark reminder that our current patchwork approach is not only inefficient but also potentially catastrophic.
Events like this highlight why we need to rethink grid architecture from the ground up: to build in resilience, local autonomy, and transparency, rather than relying on brittle, centralized systems that can fail spectacularly. The Secure Energy Internet isn’t just a thought experiment—it’s a response to the vulnerabilities exposed, once again, by real-world crises.
I want your feedback. Is this approach worth pursuing? Have similar ideas been tried and failed? Are there critical flaws I'm missing? Or potential strengths I've overlooked?
Contact me at ffff@berkeley.edu with your thoughts, or leave a comment below. The clean energy transition is too important to get wrong.
For our readers who are affected by the recent blackouts, our thoughts are with you. And especially with at least one reader, who I know is not going to be getting much sleep lately.
[1] This idea was heavily inspired by conversations with Barton Rhodes, who founded Plurigrid using what I understood at the time to be similar ideas. While I’m unfamiliar with the current status of that project, subsequent pivots made me doubt how well I understood the original goal… so the Secure Clean Energy concept is a bit more of my projection of what I think Barton may have meant. Barton, if you’re reading this, please get in touch and tell me about the status of the project!