Editor's Note: The following is a guest post from Ken Boyce, Principal Engineer Director Energy & Power Technologies at UL, and Karen Weigert, a senior fellow on global cities at the Chicago Council on Global Affairs.
An invisible force draws people to cities — an idea, the idea of a better life — and an invisible power illuminates our ideas. But an invisible attack, a cyberattack, might take it all away.
According to the Department of Homeland Security, the energy domain has suffered more malicious invasions of information technology than any other part of critical infrastructure in the U.S. The electric grid is increasingly part of our national security, and cities are on the front lines. But a revolution in technology and practice can make us all safer.
In 2003, a blackout on the East Coast — caused in part by a tree branch — lasted just two days but cost our economy $10 billion. In 2012, the devastation from Hurricane Sandy included a blackout where millions lost power, some for weeks. Recently, the ongoing and painful recovery of Puerto Rico from the 2017 hurricanes has been hampered by a damaged electric grid causing lingering human suffering.
Recent blackouts in Ukraine, however, were caused by cyberattacks. In 2015, 225,000 people in western Ukraine were plunged into darkness. A year later, a second cyberattack went directly after Kiev. In both cases the attackers had penetrated the computer systems. They were inside the grid planning their attacks for months before they struck.
These types of threats also hit close to home. In March, the United States accused Russia of concerted cyberattacks on the energy grid that serves us right now. The grid that is under threat in the United States and around the world is changing rapidly. In the traditional grid structure, a large power plant provides a significant amount of supply into a city. This one-way supply of electricity is created when it is needed.
Today, however, parts of cities themselves provide power and services in an increasingly interconnected grid. Energy assets, from solar arrays and energy storage systems, to gas plants and wind turbines, are being distributed and interconnected throughout the grid. And as the grid becomes a virtual energy internet, more and more assets are connected. They can be reached, activated and physically controlled from afar.
Globally we have reached a tipping point on connectivity. There are now more connected devices than there are people on earth, and last year we created more data than in all previous years of human existence combined.
More linked assets can create an "expanding attack surface" for cyberattackers. But more distributed assets can add protection to both cities and the grid. Each unique asset becomes less consequential as a target. How we manage cyber risks associated with connected, distributed energy assets will help set the course for the vibrancy and safety of cities.
Buildings are now interactive collaborators with the grid. They use energy but can also produce it with solar panels on their roofs, and store it locally with on-site batteries. Dynamically, buildings can change how much energy they use when the grid is under stress. They can reduce their demand, lowering carbon emissions and supporting grid health. And new grid pricing can pay buildings to do it.
Transportation is merging with the grid. Last year for the first time, over 1 million electric vehicles (EVs) were sold. As vehicles become electrified they need electricity but they can share it back using their batteries when the grid needs power. Suddenly millions of cars can become extended storage for the grid.
Ultimately, every building and every vehicle in every city may be part of a two-way grid. Electricity will be "of the people, by the people and for the people." These technologies can withstand and recover from outages, protecting cities with greater resilience. Like democracy itself, from many there is strength.
Solar panels can produce power on a roof, without drawing energy from the grid. Microgrids, small sections of a grid with their own power, can work independently of the grid when needed. Even EV batteries can provide energy while the broader grid no longer functions.
Instead of disabling one large power plant or one large transmission line, an attacker would need to knock out countless smaller assets. To secure these benefits and protect the grid and our cities, energy system security must start now.
- Let’s strengthen cyber defense on large existing assets. Even with the rapid growth of distributed energy resources, most of the energy supporting a large city still comes from outside its borders.
- Let’s scale components of resilience in every energy asset. The potential for distributed energy resources will be rooted in the many buildings and vehicles of our cities. The benefits need to be codified and scaled through the regulatory and management oversight of the grid. Developers of new grid-connected technologies will need to be engaged and their technologies tested.
- Let’s embed cyber expertise across all organizations in our cities. Cyber protection isn’t always glamorous, but cyber threats are volatile, always evolving. Constant vigilance on best practices like network segmentation, credential management and backup and restore procedures, must be strongly rooted. Every organization needs a strategy with rigorous implementation.
- Let’s invest in the cyber foundation of the future energy marketplace. The interconnected and distributed energy system that will be found throughout cities is creating services that can be valued, priced and traded. Cyber protections become uniquely important as the energy system starts to look more like distributed trading. We need more platforms that involve federal and state regulators, the energy industry, and city leaders.
The future of the world’s grid is decentralized, digitized and decarbonized. It will be democratized. And just as democracy can withstand the greatest attacks, so too can the grid that powers our cities.