Our definition of "energy security" continues to evolve.
During World War II, energy security meant access to oil for our fighting troops. Years later, the 1970s oil crisis highlighted our supply risk with the Middle East.
After September 11, 2001, with terrorism at the top of Washington’s agenda, the U.S. connected energy to national security, taking steps like fortifying entrance points to nuclear power plants and natural gas storage facilities and building added physical protection for our electric grid infrastructure. Last week’s gunfire attack on PG&E’s San Jose substation was likely the type of event they were anticipating.
By 2009, with stimulus dollars funding new smart grid rollouts, reports highlighting the new risk of cyberterrorism for our electric grid surfaced. A group of senators and congressman pushed to get the Department of Homeland Security and FERC involved, setting standards to better protect the sector.
In his 2012 book Quest: Energy, Security and the Remaking of the Modern World, Pulitzer Prize-winning author Daniel Yergin detailed this emerging risk, calling it ”cyber-vulnerability.”
This is the energy security theme that is becoming more visible in 2014.
Cyber threats are not new. What’s new is the acknowledgement of risk to new networks being utilized for energy-related systems. All it takes are a few events to get an issue on top of everyone’s agenda.
A decade ago, the U.S. was busy constructing a second layer of barbed wire fencing around nuclear plants. But the 2010 Stuxnet worm attack, which specifically targeted Iran’s nuclear infrastructure through Siemens energy control systems, showed that fences are no longer the way to achieve true security.
The recent revelation that data about 70 million Target customers was compromised via an HVAC vendor’s network was revealing. The HVAC contractor later clarified that back-door network access came not through an HVAC monitoring system, but through access to Target’s vendor portal for billing and project management. However, the most telling quote was the contractor’s description that the level of security protection was “industry standard.”
At Groom Energy, we’ve seen our customers increasingly point us toward installing completely separate networks for energy management applications. Corporate IT doesn’t like providing access for outside vendors, and building management teams prefer to avoid the battle. While installing secondary networks adds cost, the latest wireless HVAC, lighting, metering and energy monitoring systems are now designed to operate on a standalone basis and bring lower installation costs than even just three years ago.
Our friend Paul Baier, VP of Products at First Fuel, tells us that his company is also seeing more security audit requirements from its utility and corporate customers. While First Fuel only needs access to monthly interval cost and consumption data for its energy audit and monitoring application, customers are now holding the company accountable to the security standards associated with personally identifiable information.
Security challenges become even more daunting in the residential market, as smart meter and internet-based thermostat installations roll on. In this space, mom and dad are the IT security consultants.
Residential smart meters have already sparked health, safety, privacy and fire-risk concerns. Now folks are publishing how-to guides on hacking these newly installed digital meters.
Consider the Nest thermostat. Google’s Nest system already has perpetual internet access to over 1 million homes. Back-end network access could potentially provide open visibility to all of the home’s computers, entertainment systems and mobile devices.
In a world with so many systems at risk for cyberattacks, energy technologies are becoming some of the newest targets. These systems need to get the attention they deserve.
***
Jon Guerster is CEO of Groom Energy Solutions.