Adrian Crawley, VP of Synack’s EMEA region, looks at the challenges ‘green’ measures place on cybersecurity protections, vehicle safety, data, city planning, personal information and payments and how a collaborative approach is needed to overcome them
President Joseph Biden wasted little time pushing an ambitious climate agenda to overhaul American energy policies, invest in green jobs and reduce American reliance on fossil fuels. Since taking office in January, he paused offshore drilling licenses and pledged to re-join the Paris Agreement to limit global warming. The president still needs the support of a divided U.S. Congress, but clearly, America is on the cusp of a green energy boom.
The UK is pursuing a similar green future with ambitious plans to build more sustainable cities that run on smart, connected technologies. Chancellor of the Exchequer Rishi Sunak said his recent budget will help “unlock innovation in renewable energy and help us develop the cutting-edge technology we need to reach net-zero.”
While the efforts in the UK and in the U.S. are incredibly promising, both initiatives raise serious and troubling questions about cybersecurity and how policymakers are planning to secure a more digitally connected future.
The SolarWinds hack was just the latest example of how nation-state hackers can attack the global supply chain and infiltrate utilities. That hack affected the U.S. Department of Energy, U.S. National Laboratories and the U.S. Federal Energy Regulatory Commission — as well as U.K. government agencies and private companies. In February, more troubling news surfaced of criminal hackers attempting to tamper with the water supply in Florida. And, in April 2019, an American solar and wind provider reportedly “lost connection with its power generation installations as a result of a cyberattack,” according to ZDNet.
But unfortunately, cybersecurity hasn’t been enough of a priority for policymakers and clean energy producers, setting up both the U.S. and the UK for a future in which malicious hackers are able carry out even more successful attacks on solar and wind operators, battery suppliers and operators throughout the clean energy supply chain. Jim Guinn, the global managing director for cybersecurity in energy, chemicals, utilities and mining at Accenture, recently told E&E News, a leading energy industry publication, that “[t]he cybersecurity conversation in the renewable energy engineering and construction business is almost nonexistent today.”
That’s an alarming statement. It should be deeply concerning to anyone working on clean strategies. If cybersecurity testing isn’t baked into the earliest stages of developing these new technologies, we’re building an insecure future, leaving the door open for more troubling hacks such as SolarWinds or attacks from cyberespionage groups such as Dragonfly that already successfully infiltrated Western energy providers.
There’s no escaping the fact that any form of digital infrastructure — smart cities, electric cars and charging ports, and internet-connected devices that will become more tied into the grid than ever before — will vastly expand the global threat surface. The UK’s ‘Build Back Better’ relies on smart sensors and other internet-connected devices. It’s a future powered by apps, connected traffic lights, emissions sensors and electric car charging stations. And every bit of that infrastructure could potentially contain a vulnerability that a hacker could take advantage of to carry out an attack.
It may seem like a daunting — or even impossible — challenge to secure all of these new gadgets, devices and the software that will underpin a cleaner future. But it’s not when safety and security is a consideration at the beginning and throughout the entire development lifecycle. The automotive industry is a prime example of this approach. Carmakers consider safety and security throughout the production process and within every component of the most advanced automobiles — from brakes to infotainment systems. If the highly regulated automotive industry wasn’t meeting these standards, lives would be lost.
The same could be said for a more connected future. Cybersecurity should be paramount within any new clean energy initiative. This means taking advantage of platforms that can provide thorough, on-demand testing. It means utilising the sharpest minds in cybersecurity who can root out vulnerabilities early in the process. And it means that stakeholders should work together, share resources, and exchange information about fixing weaknesses across the green energy landscape.
We can’t wait to think about cybersecurity after green technologies are deployed. At that point, it’s too late. We have to consider these issues now. We need innovative and proactive approaches to cybersecurity that will make smarter and cleaner cities more sustainable, liveable and reliable — it’s what we need to ensure we can truly overcome the climate crisis the world faces today.