Clean energy infrastructure is vulnerable to cyberattacks – the Biden administration has a plan to protect it

The Biden administration today released new priorities to protect clean energy infrastructure from potential cyberattacks.

Smart grids and EVs can bring great benefits when it comes to saving energy and reducing pollution. But as more parts of our lives become electric and digital, new cybersecurity challenges emerge. That’s why the Biden administration is releasing guidance today on how to keep new parts of our energy infrastructure safe from harm.

“We have a unique opportunity to upgrade our infrastructure – to get a little mulligan on some parts of our infrastructure that were never designed for the level of digital/physical convergence that our world is seeking,” Harry Krejsa, assistant national director of cyber, says .

In a fact sheet shared exclusively with The edge Before being publicly released, the Biden administration addresses five technologies it considers critical to the near-term success of a clean energy transition and that deserve extra attention when it comes to cybersecurity.

At the top of the list are the batteries needed to store renewable energy and ensure it is available even when sunlight fades and the wind dies down. Electric vehicles and charging equipment are also a priority, along with the batteries that power them. Then there are energy management systems for buildings – think smart thermostats, rooftop solar systems and even smart lighting systems. So-called distributed control systems are another related priority. This includes controls for community microgrids and virtual power plants that leverage collective energy storage from fleets of electric vehicles or solar batteries. Inverters and energy conversion equipment complete the list.

“Digitalization works both ways,” says Krejsa. On the one hand, it gives more control to home owners, businesses and network operators. It’s easier to adjust EV charging for specific times when renewable energy is most abundant, or turn on thermostats to save energy and avoid power outages during heat waves. But these tools can become weaknesses to exploit without robust protections in place.

President Joe Biden has already had to deal with criminal hackers targeting energy infrastructure during his term in office. A cyber attack in 2021 to switch off the Colonial Pipeline, the largest pipeline system for refined petroleum products in the US. The ransomware attack took the pipeline offline for five days, leading to gasoline shortage, higher prices at the pump and congested traffic outside gas seasons.

The Biden administration is also concerned about state-backed threats. The Department of Homeland Security has considered cyber threats posed by the People’s Republic of China (PRC) as a top priority for protecting critical infrastructure through 2025, in a guidance document was published in June. PRC-sponsored cyber group Volt Typhoon “compromised the IT environments of several critical infrastructure organizations,” including energy and transportation systems, according to a Department of Homeland Security advisory issued in February.

Protective measures can be as simple as maintaining good digital hygiene. Hackers reportedly used a compromised password to enter Colonial’s network in 2021. But there also needs to be more systemic safeguards.

The way energy systems work today transfers too much responsibility “to individuals, small businesses, local governments, frontline users who do not have the resources to mount an adequate defense against the most resourced and well-trained malicious actors in the world.” , Krejsa says. “It’s just not a sustainable way to architect this ecosystem.”

The information sheet released today points to the need to “safe by design principles” that “prioritize customer safety as a core business requirement.” The Biden administration also emphasizes the need to bring together different branches of government, along with companies, investigators and even hackers, to design and implement better protections. The Department of Energy launched the Energy Threat Analysis Center (ETAC) as a pilot public-private partnership in 2023, for example. And Krejsa spoke to The edge on a call from Las Vegas, where he is attending the Def Con hacker convention and “issuing a call to action and asking for help from the hacker community to say, ‘look at these priority technologies.’”

With everyone on board, the Biden administration’s cybersecurity roadmap includes drafting technical standards and implementation guidance for new energy technologies. It also prioritizes research and development and training a cybersecurity workforce.

With the country’s aging energy infrastructure already overdue for an overhaul to accommodate growing demand for electricity and new sources of renewable energy, it’s also a good time to implement a security upgrade.

“Where should we make investments in critical infrastructure? These are decisions that are happening right now,” says Nana Menya Ayensu, special assistant to the president for climate policy, finance and innovation. “When it comes to cybersecurity [we want] to ensure that this is a pillar of a more modern, more agile and digitalized energy system.”