Cybersecurity + Reputation in Renewable Energy

The Renewable Energy industry is on a tear, and a good thing that it is. The Earth needs to decouple itself from fossil fuel dependancies as soon as possible. Many countries across the world are ramping up investments and plans surrounding renewable energy plants, tools; while power, the delivery of it and obviously the financing that functions around all of this new world are constant themes.

But what about the cybersecurity and reputational risks encountered by emerging companies in the renewable energy space that is simply exploding in scope and size daily? Are the companies focusing on getting the power to the customers, without thinking too much about the cybersecurity demands on their technology stacks, and how their nascent build ups can be tarnished by a hack? Are there critical infrastructure threats embedded in this new industry?

Unfortunately, yes.

As is the tradition with most new technologies, there is a race to market, and often security is a secondary thought. Only some vendors that supply industrial controls; or scada products to the renewable industry are supplying products with security first built in as a tech stack layer, not something added on at the last minute.

Digijaks CEO Alan W Silberberg

With almost all new technologies there are good and bad uses of them, depending on how they are deployed, and used. With renewable energy, everything seems so bright, and in a way it is. New technologies bring new forms of energy being transferred to power, being delivered to end users.

What happens when a wind farm gets hacked? What happens when a power converter scada control device gets hacked? The NREL (National Renewable Energy Laboratory) is now seeking cohorts for companies to supply the solutions to these questions. Which shows how serious an issue this is, both for the start up energy companies, and the grid operators alike.

There are significant cybersecurity and reputational issues for both startups and older companies competing in the renewable energy space. The US Energy Department has identified Solar as a specific sector already undergoing tremendous amounts of cybersecurity related intrusions, breaches and other issues. But this is true for wind, ocean energies and other renewable sectors as well.

At an ocean energy conference 3 years ago, the question was asked to all the inventors and financiers in the room what was being done to address the burgeoning cybersecurity and reputational threats focused at the renewable energy sector? The answer was basically silence. This is a recipe for real problems. Competitors, hostile foreign nation states and terrorists alike are actively attacking critical infrastructure already, what would make the renewable energy industry any different?

Digijaks Group has been dealing with cybersecurity and reputational issues in multiple industries for about 13 years. What we see is that the attacks on critical infrastructure are only increasing daily, not decreasing. As more and more renewable energy sources come online and start delivering power to end users, the sheer number of attack surface areas grows exponentially. It is not just industrial control systems, or scada equipment. It is not just control rooms, power convertors, or even the windmills, solar plants or hydro plants. It is about the 1s and 0s flying through the ether. The logic controlling all the chaos, tied to customer records, billing information and the grid itself.

We see many companies in their industries that are great at what they do, but when it comes to security issues, reputational issues, they usually are lagging behind. The renewable energy sector as a whole is facing a wake up call on cybersecurity and reputation. No small or even large company wants the news to blare “xyz company was hacked, information is still coming out…” about them. Ever. But the rush to market in the renewable space has created a bit of a perfect storm now, and it will only be a matter of time before a significant renewable energy startup gets hacked, and has to deal with the resultant reputational damage.