So far, this blog has mostly stuck to the script I laid out in my first post, mapping the clean energy ecosystem and the cybersecurity issues with each step in the chain.
Today, we’re going to take a break from that outline and look at a new source of risk: energy markets.
I.
The Financial Times reported that Danish cities like Aarhus and Aalborg have become hotspots for algorithmic energy trading companies. These companies are navigating increasingly volatile renewable energy markets: sophisticated trading operations both stabilize prices and potentially introduce new risks as regulators try to keep pace with the rapid automation of energy trading.
Before getting into all that, what are energy markets? Energy markets let traders buy and sell electricity (and other energy products). Electricity is unique among commodities: it must be consumed the moment it's produced—you can't easily store large amounts of it (though battery technology is changing this somewhat).
How can you trade something that needs to be consumed immediately? The answer lies in the sophisticated structure of electricity markets, which operate on multiple timeframes. While electricity itself must be consumed immediately, what is actually being traded are commitments to produce or consume power at specific times in the future. These range from long-term futures contracts (made years in advance) to day-ahead markets and even real-time balancing markets that operate in 15-minute or 5-minute intervals.
This time-sensitive nature of electricity trading is precisely why algorithms have become so valuable. As the FT story notes, prices can swing dramatically based on countless variables—cloud cover affecting solar panels in Spain, wind patterns in the North Sea, or factory production schedules in Germany. The companies in Aarhus and Aalborg are essentially betting on these fluctuations, using proprietary algorithms to process vast amounts of data and identify trading opportunities that humans simply couldn't calculate quickly enough.
II.
First, the good. Are these markets helping anything?
Absolutely.
Stabilization through liquidity. More market participants and automated trading systems mean more buying and selling options are available at any given moment. This improved liquidity helps energy producers and consumers find better prices and ensures the market functions efficiently. As InCommodities' CEO Daniel Andersen noted in the FT article, these traders have a “stabilising effect” on the naturally volatile renewable energy market. By quickly responding to price signals, they help remove bottlenecks in electricity distribution and smooth out some pricing extremes.
Real-time Balancing: Perhaps most importantly, these traders help balance supply and demand in real-time. As Mads Schmidt Christensen from Danske Commodities explains, "As the share of renewables in the energy mix continues to increase, the need for real-time balancing of energy markets will only grow bigger." Someone needs to manage the complexity when the sun suddenly disappears behind clouds across Spain or when wind patterns shift in the North Sea.
Moving the energy transition costs onto private balance sheets. By creating financial mechanisms to handle renewable energy's inherent variability, these markets shift portions of the energy transition's risk management costs from government budgets to private investors. Rather than taxpayers bearing the full burden of managing intermittency through expensive public infrastructure projects, traders assume financial risks in exchange for profit opportunities. Their algorithms essentially price and distribute the costs of renewable unpredictability across the market, creating economic incentives that attract private capital to solve what would otherwise be expensive public challenges.
III.
There’s the upside case. What’s the downside?
Let’s start with the downside risks to traders. Insalubrious though it may be, I firmly believe that understanding the incentives of well-capitalized private actors explains an outsized proportion of the variance and the effect you see in the world.
Algorithmic arms race: As the FT article shows, we're witnessing a proliferation of trading firms in places like Aarhus, all competing for the same edge. What was profitable yesterday might be neutralized tomorrow as competitors develop countervailing algorithms. This creates a perpetual technology arms race, requiring constant investment in models and faster systems to maintain position. Increasing investment in models could eat away at profits in the long run.
Regulatory backlash is always possible, doubly so in Europe. The Dutch Authority for Consumers and Markets (ACM) report signals that regulators are taking notice. Companies like InCommodities acknowledge this reality—their compliance head, Iain McGowan, noted that guidance on new market rules is “virtually non-existent.” Who among us would bet against punitive regulation in Europe? Traders who build multi-million dollar systems could find them suddenly non-compliant when regulations inevitably catch up. (Though, in the shadow of a trade war and the Draghi report, all bets are off).
Black swan events: The extraordinary profits of 2022 (InCommodities generated €1.06bn in post-tax profits, up from €112mn the year before) came from Russia's invasion of Ukraine—a geopolitical event that models may (or may not!) have missed. These extreme market dislocations can create both windfall profits and catastrophic losses, depending on model risk.
Systemic feedback loops: When algorithms interact at high speeds, they can amplify rather than dampen volatility. (Such feedback loops were one cause of the Black Monday crash in 1987. If you’re reeling from this week’s trade shock, imagine the DIJA plunging 22.6% in a single day—because of computers, a technology you only vaguely understand. That was the experience of many Silent Generation retirees). The ACM report warns about “robot battles” (5.2.1) kicking off such a loop. A trader whose algorithm gets caught in such a loop could face extreme losses before human operators can intervene.
Capital requirements: The massive volatility in these markets requires substantial capital buffers. As new entrants crowd in, maintaining adequate capitalization while generating competitive returns becomes increasingly challenging.
Talent wars: Success depends entirely on having the brightest minds developing your algorithms. The concentration of trading firms in places like Aarhus creates fierce competition for a limited pool of talent capable of building these sophisticated systems. From the perspective of any one of today’s big firms: do they have all the talent they need already? (With lots of AI: maybe). If not, can these incumbent Danish startups get the talent they need through immigration? And retain it? If not, those firms may lose out to new trading hubs that can more easily land immigrants (and close the deal, e.g., through clear pathways to citizenship, social acceptance of immigrants, etc). As our 2030 Cybersecurity Futures scenarios surfaced, human talent mobility may matter more than anything—especially if US scientists look to new opportunities abroad.
IV.
That’s the downside to investors. What about for the rest of society?
There’s a lot I could talk about here. Amplified price swings, phantom liquidity, regulatory capacity gaps… but let’s stick to what this substack treats best: cybersecurity.
Renewable energy trading creates a new point of interdependence between energy and the internet. Trading signals are sent over the internet, and these trading signals come from a variety of different sources, all of which could be manipulated, particularly with sufficient incentive and a lack of good regulation. The attack surface area expands—again.
Here are a few issues off the top of my head.
Trading systems are targets. Energy grids are already prime targets for cyberattacks. Now add a layer of highly automated, millisecond-response trading systems directly influencing those grids. These systems represent a new attack surface that didn't exist before. A sophisticated adversary might not need to directly attack power generation facilities if they can instead manipulate the trading algorithms that influence energy flows.
…as are their inputs. Why manipulate trading firms’ models when you can manipulate the data feeds they rely on? Even minor distortions in weather forecasting data or reported grid conditions could trigger predictable responses from trading algorithms, potentially destabilizing markets or causing physical effects on the grid. The right (wrong?) person at a state-backed APT could have a really fun week at the office figuring out how to engineer a big price swing. The more we automate decision-making, the more valuable these data feeds become as targets. And something tells me these data feeds are not as well-protected as we might hope…
Concentrated knowledge risk: As the FT article notes, many of these trading operations are packed with young, tech-savvy traders and developers working on proprietary algorithms. This creates a concentration of sensitive knowledge about our energy system's operation. What happens when these individuals move between companies, countries, or are recruited by adversarial interests?
Regulatory visibility gaps: If regulators are already struggling to monitor these systems during normal operations (as the ACM report suggests), how prepared are they to detect subtle cyberattacks disguised as normal algorithmic behavior? (If you can't explain why the algorithm made a decision in the first place, how would you know if it's been compromised?).
V.
I love dunking on traders. Academics always have a chip on their shoulder when it comes to finance. (“I could have worked Jane Street, but I decided to continue my PhD…”).
The truth is: these traders are probably doing something valuable: they’re smoothing supply imbalances in renewable energy markets, which makes renewable energy more affordable—for end-consumers, and for public-sector funds that would otherwise need to absorb the risk associated with volatility in these markets. The volatility in renewables supply creates profit opportunities that can align incentives toward predictable, lower-cost supply.
At the same time, these trades are likely introducing new classes of vulnerability into the energy grid. This doesn't mean we should abandon algorithmic trading. It means we should—quoting CLTC’s goal statements—amplify the upside risk of this technology, and manage its downside as best we can.
How?
Coordinated stress testing: Financial regulators already conduct stress tests on banks. Energy market regulators should develop similar frameworks for algorithmic trading systems. These tests should simulate both market shocks and targeted cyberattacks, forcing companies to demonstrate resilience before they can operate at scale.
Mandatory circuit breakers: Implement automated trading pauses triggered by unusual price movements or trading patterns. The financial markets learned this lesson after 1987's Black Monday—energy markets shouldn't have to learn it the hard way.
Supply chain security for data feeds: Create security standards specifically for the data pipelines feeding these algorithms. Weather forecasts, grid status reports, and other inputs should be subject to integrity controls that make tampering evident. Consider requiring multiple independent data sources for critical inputs.
Regulatory sandboxes with security focus: Rather than waiting for incidents to occur, regulators could create controlled environments where new trading algorithms can be tested against simulated attacks. This approach could help identify vulnerabilities without stifling innovation.
Cross-border cybersecurity cooperation: The concentration of trading expertise in Denmark presents both opportunity and risk. The EU could designate Aarhus as a center of excellence for energy trading security, bringing together regulators, companies, and security researchers to develop best practices.
Talent development with security emphasis: Universities near these trading hubs could develop specialized programs combining energy markets expertise with cybersecurity training. The goal: building a pipeline of professionals who understand both the trading systems and their security implications.
Algorithmic transparency requirements: While protecting proprietary elements, require trading firms to document and explain their algorithms' core decision-making principles to regulators. This would help distinguish normal volatility from manipulated outcomes.
Physical/digital separation standards: Establish clear boundaries between automated trading systems and the physical control systems of the grid. Critical infrastructure should maintain fail-safe mechanisms that can't be overwhelmed by market signals alone.
The renewable energy transition is too important to be derailed by preventable cybersecurity failures. By taking these steps now, while the "Silicon Valley of energy trading" is still developing, we have a chance to build security into these systems from the ground up rather than bolting it on later.