Highlighting the urgent need to address grid vulnerabilities, the U.S. Dept. of Energy and the National Renewable Energy Lab have launched a cybersecurity innovation program to support the country’s rapid clean energy transition.
The Clean Energy Cybersecurity Accelerator will feature federal experts, leaders in the energy sector, and innovators to develop new cybersecurity solutions. U.S. Deputy Secretary of Energy David Turk said the program will support efforts to modernize the grid.
“The transition to a clean energy economy will require groundbreaking cyber solutions to strengthen America’s grid security, protect our energy infrastructure, and address the increasing threat of extreme weather events across the country,” Turk said. “We are grasping the opportunity to build a grid that can dispatch historic amounts of renewable energy across the country while addressing grid vulnerabilities and positioning America for a clean energy future.”
NREL’s 20 MW advanced energy system will be used to test cybersecurity solutions that emerge from the program.
Attention on cybersecurity in the energy sector has been heightened by attacks against SolarWinds and the Colonial Pipeline. In an executive order signed on May 12, Biden called on the private sector to lead on advances in information technology (IT) and operational technology (OT), arguing government regulation isn’t enough to thwart the attempts of bad actors.
Ian Bramson, the global head of industrial cybersecurity at ABS Group, and a risk management adviser to the energy sector, said renewable energy providers, developers, and asset owners face an increased risk of attacks because of gaps in cybersecurity plans.
“There’s a lot more new technology in renewables than in many of the other sectors. Well, attackers feed off technology,” Bramson told Renewable Energy World in an interview. “When things are growing rapidly, it’s very hard to manage the cybersecurity risk.”
Most organizations have IT nailed down, Bramson said, but are severely lacking in OT protections.
“The OT side, there’s a giant lag behind the IT side,” he said. “Most companies on the OT side can’t answer my first question: do you know what assets you need to protect?”
Join us! Cybersecuring the grid for the energy transition will be part of the content offered at DISTRIBUTECH INTERNATIONAL in Dallas from Jan. 26-28. Register today.
Bramson outlined 4 key pieces to a renewable energy cybersecurity plan:
Asset inventory”You need to figure out an automated way (to inventory assets that need cybersecurity protection). When you’re expanding and growing, even that basic step is a challenge — it’s not always done.”
Vulnerability management”Where are my holes? Any time you connect with anything, there’s a point of attack– both ways. What are you connected to?”
Configuration management or management of change”If a bad guy wants to change something, he’s going to change a configuration of how something works in that system and so you’re going to have to know if there’s an unauthorized change going on.”
Monitoring”You need to understand if something (bad) is happening.”
“Sometimes, people skip to the monitoring piece but all of those pieces fit together,” Bramson said. “If an attack happens and I have a great asset inventory and I know what they’re going to attack next, I’m a lot faster in my response than if I just have one piece of that equation.”
Watch the full interview with ABS Group’s Ian Bramson and Renewable Energy World’s John Engel.