September 29, 2015 | By Douglas Bonderud

Green energy is on the rise. According to the International Energy Agency (IEA), global dependence on renewable energy sources has increased steadily over the last few years. But as existing power producers and new players make the switch to solar-, wind- and water-powered alternatives, what happens to existing network borders? Are renewable resources the harbingers of new cybersecurity best practices?

Powering Up

Current power providers face a host of challenges when it comes to defending critical — and often national — assets. As noted by a recent PwC white paper, for example, energy companies are under threat from nation-states, malicious insiders, hacktivists and run-of-the-mill cybercriminals alike. Some are looking to steal data and make a profit, some want to destroy information and others are hoping to expose corporate secrets.

Making these attacks more worrisome is the triple threat of strict energy regulations, high-value intellectual property (IP) and aging technology concerns. No other industry faces the same level of compliance demands from federal agencies combined with the risk of devastating loss if the locations of oil and gas fields are leaked or new specs for clean energy generation are made public. And specialized technology — now long in the tooth but still an integral part of energy systems — often contains multiple backdoors for attackers to open.

There are efforts under way to increase the cybersecurity of traditional and green energy providers. According to the Data Protection Report, the House Subcommittee on Energy and Power recently approved a proposed energy reform bill aimed at providing increased digital security for energy companies. Among the highlights is the creation of a voluntary Cyber Sense program, which would encourage the use of vetted and effective cybersecurity products.

There’s also the Energy Policy Modernization Act of 2015, which includes guidelines for the Secretary of Energy to carry out programs targeting “cyber-resilience component testing and operational support.” Real need already exists for this kind of reform: As reported by The Hill, the Department of Energy had its computer systems hacked more than 150 times over the past five years.

Going Green

The addition of green energy sources has the potential to muddy these waters even more. Adding solar cells or wind turbines to existing energy grids requires either significant changes to existing software controls or the addition of new, often cloud-based control protocols able to handle multiple energy inputs.

The problem? With energy companies and the federal government struggling to keep cybercriminals at bay, adding new devices to existing networks simply increases the total attack surface. The issue is made more worrisome as companies turn to Internet of Things (IoT)-enabled devices to help monitor energy performance. As noted by CSO Online, recent digital crime waves will spur IoT security spending to the tune of almost $29 billion by 2020 in an effort to lock down these new devices.

Green Energy Best Practices

So where does this leave CISOs and CSOs of energy companies looking to move beyond fossil fuels and take advantage of new clean energy initiatives? In some cases, at odds with federal best practices. While government proposals are now taking steps to encourage the use of cybersecurity products and regular testing, experts know this is just the beginning. Simply put, federal lawmakers have it backward: It’s always better to test first and implement later rather than rolling out new technologies and then playing catch-up with security.

For CISOs and CSOs, green energy cybersecurity best practices center around detection and isolation rather than defense and elimination. Just as with retail companies and financial institutions, attacks on energy companies are a matter of when, not if. As a result, companies must plan to fail in order to succeed: What’s the order of operations after an attack occurs? How quickly can designated teams respond, find the intruder, patch the vulnerability and isolate the damage? This kind of disaster planning forms a foundational best practice in a world that’s going green — one that assumes breaches are an inevitable part of the energy production cycle but aren’t beyond the purview of IT professionals to manage and defeat.

Green energy offers the possibility of clean power. Cybercriminals, meanwhile, want to dirty corporate systems with data destruction, theft and misdirection. Best bet? Design new best practices to suit emerging renewable resources.
