Mapping the clean energy ecosystem

Finding the right intervention points for cybersecurity in the clean energy transition

I’m on a steep learning curve. Before even thinking about the cybersecurity implications of the clean energy transition, my collaborators and I¹ had to figure out what it is—what actors it’s made of, how they fit together.

This blog post encapsulates our current understanding of the clean energy ecosystem. We want your feedback. We expect to update this post as we update our understanding of the space. You can reply to this email or email Nick Merrill <ffff at berkeley dot edu>.

If you’re new to the clean energy world (as I was am), this post is for you. I’ll explain who and what is “in scope” when we think about cybersecurity & clean energy.

You can think of this post as a provisional table of contents: Each actor will likely merit its own post in time.

Actors in the clean energy ecosystem

The clean energy transition is more than a shift from carbon-emitting to non-carbon-emitting energy sources. It is a reconfiguration of how the electrical grid is organized: what components it contains and how those components relate to one another.

Vendors

Upstream, a panoply of vendors provides clean energy technology products and services: manufacturers of batteries, wind turbines, and solar panels; systems integrators; engineering and technology companies that sell automation and control products like smart meters and distribution equipment; and software firms.

Cybersecurity issues

• The vendors these products produce are, by nature, novel. As a result, (1) they are not battle-tested, (2) it is unclear what their attack surface area is.

• Attacker techniques are evolving quickly in this space. Any redteaming or certification will likely be outdated as attackers’ tools, techniques, and procedures (TTPs) evolve.

• Devices typically need to be configured after installation, and vendors often do not (or cannot—see above) provide adequate instruction on configuring these devices securely.

• Supply chain security may be idiosyncratic for these vendors, as components may be bespoke or involve unusual materials.

• Due to the heterogeneity of energy sources the clean energy transition requires, vendors’ products will have a long tail of unique components; there may be no general risk model that covers all of them.

• It is (generously) unclear how effectively the regulations that apply to these vendors shape their cybersecurity practices.

Distributed Energy Resources (DERs)

Throughout, distributed energy resources (DERs) exist both “behind the meter”—for example, a solar roof in a home—and “in front of” the meter—for example, small-scale generators that may consume and produce electricity simultaneously. Demand response technology, like a condo’s smart load controllers, also falls into this category. Below, we list the broad categories of DERs we consider.

1. Small-scale generators

As the clean energy transition shifts our grid toward distributed generation, small energy producers have become critical infrastructure operators overnight. Consider a local startup that produces energy from ocean waves (CalWave) or one that produces energy (and biochar) from combusting agricultural waste. Such producers, if successful, will be critically relied upon to provide reliable power to their local grid.

Cybersecurity issues:

• These generators do not have a deep bench of cybersecurity professionals. They may not have a high organizational maturity in cybersecurity, and building one would be challenging—they would need to hire a specialist from an already limited pool.

• The cybersecurity guidance they receive is typically in the form of a checklist, which may feel onerous or simply irrelevant to the problem of scaling generation.

• Established cybersecurity baselines for utilities (from NARUC and others) assume organizational maturity and resources that many small producers lack (see above), provide technical requirements without operational context (see above), and fail to account for the unique constraints of new clean energy technologies.

2. “Prosumers”

Downstream, households and businesses consume and—unique to clean energy—also produce energy. These “prosumers” might adopt small-scale systems like rooftop solar panels or battery storage that feed power back to the grid.

Cybersecurity issues

• The grid functions as a real-time marketplace for electricity, where supply and demand are continuously balanced through dynamic pricing. The presence of prosumers increases the grid’s complexity: prosumers force utilities to deal with generation and consumption from the same customers, making the work of running this market more difficult to manage. That complexity likely adds cybersecurity risk. (System complexity and cyber risk are broadly understood to be linked).

• Prosumers, from our initial research, typically do not, and in many cases cannot invest any cybersecurity resources into their energy production capacity. Installers configure the system, and prosumers typically do not have any options to modify that configuration.

3. Demand-response technology

As mentioned, the clean energy transition requires many sources. Some produce only intermittently, like solar and wind. To smooth variable supply over variable demand, the grid is increasingly making use of ‘smart’ demand-response technologies.

Here's an example. Say you live in a condo and want to support electrical charging for each spot in the condo's lot. The grid won't be able to charge all the cars in the lot simultaneously. Fortunately, not everyone’s car will be in equal need of a charge simultaneously—the condo can probably dole out the available energy based on need (a car that's mostly charged can stand to charge more slowly, for example).

These technologies—a car that needs electricity and a condo’s battery that may or may not be able to provide it—need to communicate their state to one another. They do so over the internet.

Cybersecurity issues: Smart demand-response technologies create a two-way reliance between the internet and the grid. Consider the case of the condo and the cars, above. In this case, an internet outage would stop batteries from charging even if the grid stays on. But it's worse: because the batteries aren't charged, the condo will demand more power from the grid, which could tax available capacity! If every condo relies on a battery to smooth grid demand, and every battery array is smart, an internet outage of only a few blocks could create enough unexpected demand to cause a blackout!

This thought experiment illustrates that internet and grid stability can have unexpected feedback loops. And, if we accept the premise that (1) the clean energy transition will require more grid use at point-of-consumption for things like cars and even factories, and (2) we cannot cost-effectively retrofit the grid to meet those consumption needs, smart devices may be impossible to avoid. Which, in turn, means these feedback loops may be impossible to avoid.

Clouds

As discussed, the clean energy transition requires more intelligence from the grid: more data and more communication. Data captured in one place must be delivered elsewhere, and often stored as well (e.g., for analytics, AI training, or security monitoring). Serving this role are the usual suspects: the cloud providers, particularly the largest “hypergiants” that are uniquely capable of acting as a one-stop shop for world-scale transit, storage, and compute.

Cybersecurity issues: The security issues that apply to clouds now also apply to the grid. Clouds are large and systematically important but also largely internally homogeneous (an attack that works at Amazon’s US-Oregon center will likely work in every Amazon data center). These features make clouds appealing targets for state-backed advanced persistent threat (APT) actors, who are willing and able to invest in highly scalable attacks. If cloud compromise also allows APTs to compromise the electrical grid (e.g., by allowing the attacker to deny service to all utilities and services that use the same cloud provider), clouds become an even more valuable target for APTs.

Also, relevant regulations may not adequately cover clean energy actors’ use of the cloud. Clean energy actors may lack the expertise required to manage “normal” cloud risk (e.g., key management best practices; configuring permissions, access control, or IAM correctly; etc). Either or both of these factors could make the grid’s stability newly susceptible to the risks that have plagued enterprises for years: key material leaks, data leaks due to misconfiguration, IAM social engineering attacks, etc).

Other actors

There are other actors in this space we know we’re missing:

• Traders

• Regulators

• Law enforcement agencies

• Large-scale energy producers

• Electric mobility operators

We hope to address these actors more delicately in future posts as we continue to untangle the space.

Finally, possible solutions:

• A Secure Energy Internet

Feedback?

These are just the actors, and a sketch of some of the security concerns that emerge from the relations between them. Subsequent posts will treat these actors and their relationships with much more detail, likely with specific posts that deal with cross-cutting threats (e.g., the two-way reliance between the internet and the grid).

In the meantime, we’re asking for your feedback. Is this a reasonable approach to understanding the actors in the clean energy transition? We want to hear from you. Please contact Nick Merrill <ffff@berkeley.edu> or reply to this email with any feedback.

1

This work emerged in collaboration with Ann Cleaveland, and Steve Kelly at IST. Many thanks to Javier Garcia Quintela (Repsol) for reviewing a draft of this post.