The Internet of Things (IoT) market will reach $267 billion by 2020, and the Institute of Electrical and Electronics Engineers reports that there will probably be nearly 30 billion devices connected to it by then. The energy industry will likely see a large and immediate impact due to integration with IoT technology through smart energy.
However, despite the advantages and innovations that the IoT will bring to the energy industry, there’s an obvious concern over safety and cyber security. In fact, the U.S. Dept. of Homeland Security reports that the energy sector faces more cyber-attacks than any other. Also, 83 percent of energy security professionals said they weren’t confident that their organizations had the ability to even detect all cyber-attacks they face.
(Editor’s note: Security issues with the Smart Grid and other Infrastructure implementations are key pieces of the IoT Security Certification workshop, beginning today at the IoT Evolution Expo at Caesars Palace in Las Vegas)
For example, the U.S Dept. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has documented numerous attempts by Russia to infiltrate our energy infrastructure using malware in the past several years. In addition, Russia has also developed a cyber weapon that it can use to take down electrical systems that U.S. citizens depend on for daily life. Russia has already used the cyber weapon to take down critical electrical infrastructure in Kiev, causing massive and costly disruptions.
Where cyber security problems begin for smart energy
Part of the problems with the current state of our energy cyber security is the use of outdated software and hardware. This leaves infrastructure vulnerable to sophisticated hackers who’ve already learned how to infiltrate old security protocols. Also, vast swaths of the IoT itself may be designed without security in mind, leading to vulnerabilities when energy infrastructure is connected to it.
For example, many IoT devices come with generic default passwords that aren’t always changed by their owners and that are already well known to hacker networks. There are estimates that up to 15 percent of IoT device owners don’t change these default login credentials at all, leaving them vulnerable to being hacked at all times. Hackers can use networks of compromised IoT devices to create botnets that use their collective force to overwhelm cyber security systems, including those that protect energy infrastructure.
Furthermore, most information including sensitive and valuable energy data is stored in centralized locations. This means that a hacker merely has to compromise that location’s security protocols to have access to all the data stored there, like a thief cracking a safe.
Blockchain technology as a smart energy cyber security solution
The U.S. Dept. of Energy estimates that nearly $250 million has been spent in the past five years to create new tools and technologies to combat hackers and promote cyber security.
One example of recently developed cyber security technology is blockchain. This technology became prominent with the rise of cryptocurrency such as bitcoin. It works by creating a transparent and permanent database that can’t be corrupted because there’s no centralized data storage. PricewaterhouseCoopers (News - Alert) reports that decentralized storage of energy data using blockchain technology can lead to greater security.
In addition, blockchain technology can provide security benefits to the energy sector in the following ways:
Tamperproofing – It can be extremely difficult to change data in a blockchain, and this undermines cyber-attacks such as man-in-the-middle attacks.
Peer-to-peer communications – Intermediaries are eliminated from data transactions making data easier for users to access and harder for hackers to corrupt or erase.
Enhanced data management – Blockchain users have greater flexibility over which data to make transparent and which to encrypt, leading to greater overall data security.
Encrypted data to third parties – Data that has been encrypted can be sent to third parties without decrypting it, thus maintaining its security integrity throughout the process.
Cyber security concerns must be at the forefront of our thought processes as we consider how to protect the grid while enjoying the benefits of smart energy technology. Otherwise, we place ourselves at risk for damage to critical infrastructure and other energy sector assets including energy data.
About the Author: Kevin Williams is the CEO of WISE Distributed Energy, a deep-tech Internet of Things (IoT) company with energy storage capabilities based in the Silicon Prairie. He has been a principal in several start-ups and has consulted with business owners at many levels. For more information and to find out to how license WISE technology, visit http://www.willcoenergy.com.