The Biden administration released new priorities today for safeguarding clean energy infrastructure from possible cyberattacks.
Smart grids and EVs can have big benefits when it comes to saving energy and cutting down pollution. But as more pieces of our lives become electric and digital, new cybersecurity challenges arise. That’s why the Biden administration is releasing guidance today on how to keep new parts of our energy infrastructure safe from harm.
“We have a once in a generation opportunity to refresh our infrastructure — to get a bit of a mulligan on some parts of our infrastructure that were never designed for the level of digital / physical convergence that our world is hurtling towards,” Harry Krejsa, assistant national cyber director, says.
In a fact sheet shared exclusively with The Verge before being released publicly, the Biden administration homes in on five technologies it deems critical to the near-term success of a clean energy transition and that deserve extra attention when it comes to cybersecurity.
At the top of the list are batteries needed to store renewable energy and make sure it’s available even when sunshine fades and winds die down. Electric vehicles and charging equipment are also a priority, along with the batteries that power them. Then there are energy management systems for buildings — think smart thermostats, rooftop solar systems, and even smart lighting systems. So-called distributed control systems are another related priority. That encompasses controls for community microgrids and virtual power plants that harness the collective energy storage of fleets of EV or solar batteries. Inverters and power conversion equipment round out the list.
“Digitization cuts both ways,” Krejsa says. On the one hand, it gives home and business owners and grid operators more control. It’s easier to adjust EV charging to specific times when renewable energy is more abundant or to turn up thermostats to save energy and avoid power outages during heatwaves. But those tools can become weak points to exploit without robust protections in place.
President Joe Biden has already had to cope with criminal hackers targeting energy infrastructure during his term in office. A cyberattack in 2021 shut down the Colonial Pipeline, the largest pipeline system for refined oil products in the US. The ransomware attack took the pipeline offline for five days, leading to gasoline shortages, higher prices at the pump, and gridlocked traffic outside of gas stations.
The Biden administration is also worried about state-backed threats. The Department of Homeland Security named cyber threats posed by the People’s Republic of China (PRC) a top priority for protecting critical infrastructure through 2025 in a guidance document it published in June. PRC-sponsored cyber group Volt Typhoon has “compromised the IT environments of multiple critical infrastructure organizations” including energy and transportation systems, according to a Department of Homeland Security advisory issued in February.