The electrical grid in the U.S. is a network of power generation plants, transformers, wires, sensors, and poles that carry electricity far and wide. When we have power, we don’t give the grid much thought. But that is changing. Much of the nation’s grid is old, with the average age of power plants being over 30 years old and most transmission lines and transformers are over 25 years old. In that time period, much new technology has been added to the grid including solar and energy storage.
The U.S. Department of Energy (DOE) is taking seriously the potential threat of cyberattacks on our energy resources. In a speech at the State Department in early February, President Joe Biden announced an “urgent initiative” to improve U.S. capability, readiness, and resilience in cyberspace.
The Solar Energy Industries Association (SEIA) is continuing its effort to shore up the solar industry’s resilience against cybersecurity threats. Recently, SEIA and the Department of Energy Solar Energy Technologies Office (SETO) hosted a half-day virtual summit on the state of cybersecurity in the industry, with emphasis on how these threats must be taken into account from the initial design phase.
SEIA advises that it is more cost-effective to mitigate risks now than to pay the price after the fact by taking just a few, simple, low-cost steps for businesses to take to strengthen their cybersecurity and prevent future attacks, including password protection solutions, multi-factor authentication, and keeping software up to date.
Furthermore, SEIA advises that companies should proactively implement a strong data governance strategy. Data can fall into the wrong hands if it isn’t handled properly, and it is recommended companies dispose of older, unnecessary data. Tips for small business security can be found in the Cybersecurity and Infrastructure Security Agency’s (CISA) cyber security toolkit.
What is needed is an industry-wide approach. SunSpec and the Sandia National Laboratories lead a distributed energy resource (DER) Cybersecurity Workgroup to create an industry standard for cybersecurity from the competing frameworks. Interested companies can join the working group to contribute to the development of these critical industry standards and best practices.
Clean energy companies can join a public-private partnership to work together with other businesses and the government to identify vulnerabilities, triage cyber issues, and develop scalable solutions to secure the grid. The Department of Energy’s (DOE) Cyber Testing for Resilient Industrial Control Systems (CyTRICS) is one such partnership between many of the national labs and private businesses.
