By: Kevin Williams
Categories: Cool Tech
The Internet of Things (IoT) market will reach $267 billion by 2020, and the Institute of Electrical and Electronics Engineers reports that there will probably be nearly 30 billion devices connected to it by then. The energy industry will likely see a large and immediate impact due to integration with IoT technology through smart energy.
However, despite the advantages and innovations that the IoT will bring to the energy industry, there’s an obvious concern over safety and cyber security. In fact, the U.S. Dept. of Homeland Security reports that the energy sector faces more cyber-attacks than any other. Also, 83 percent of energy security professionals said they weren’t confident that their organizations had the ability to even detect all cyber-attacks they face.
Integrating the IoT with critical energy infrastructure requires focusing on security as a starting point. That’s because there are many looming and immediate threats to our energy security which are only complicated when you factor in the security issues present in the IoT.
For example, the U.S Dept. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has documented numerous attempts by Russia to infiltrate our energy infrastructure using malware in the past several years. In addition, Russia has also developed a cyber weapon that it can use to take down electrical systems that U.S. citizens depend on for daily life. Russia has already used the cyber weapon to take down critical electrical infrastructure in Kiev, causing massive and costly disruptions.
Foreign powers may perceive more value in espionage than in overtly destructive actions to the grid, but that doesn’t preclude the possibility that a lone hacker couldn’t also attempt to take down a power grid by remotely connecting to a smart meter to wreak havoc as well. Suffice to say that the benefits of smart energy bring large risks that we need to address.
Part of the problems with the current state of our energy cyber security is the use of outdated software and hardware. This leaves infrastructure vulnerable to sophisticated hackers who’ve already learned how to infiltrate old security protocols. Also, vast swaths of the IoT itself may be designed without security in mind, leading to vulnerabilities when energy infrastructure is connected to it.
For example, many IoT devices come with generic default passwords that aren’t always changed by their owners and that are already well known to hacker networks. There are estimates that up to 15 percent of IoT device owners don’t change these default login credentials at all, leaving them vulnerable to being hacked at all times. Hackers can use networks of compromised IoT devices to create botnets that use their collective force to overwhelm cyber security systems, including those that protect energy infrastructure.
Furthermore, most information including sensitive and valuable energy data is stored in centralized locations. This means that a hacker merely has to compromise that location’s security protocols to have access to all the data stored there, like a thief cracking a safe.
The U.S. Dept. of Energy estimates that nearly $250 million has been spent in the past five years to create new tools and technologies to combat hackers and promote cyber security.
One example of recently developed cyber security technology is blockchain. This technology became prominent with the rise of cryptocurrency such as bitcoin. It works by creating a transparent and permanent database that can’t be corrupted because there’s no centralized data storage. PricewaterhouseCoopers reports that decentralized storage of energy data using blockchain technology can lead to greater security.
In addition, blockchains can provide security benefits to the energy sector in the following ways:
Tamperproofing – It can be extremely difficult to change data in a blockchain, and this undermines cyber-attacks such as man-in- the-middle attacks.
Peer-to- peer communications – Intermediaries are eliminated from data transactions making data easier for users to access and harder for hackers to corrupt or erase.
Enhanced data management – Blockchain users have greater flexibility over which data to make transparent and which to encrypt, leading to greater overall data security.
Encrypted data to third parties – Data that has been encrypted can be sent to third parties without decrypting it, thus maintaining its security integrity throughout the process.
Cyber security concerns must be at the forefront of our thought processes as we consider how to protect the grid while enjoying the benefits of smart energy technology. Otherwise, we place ourselves at risk for damage to critical infrastructure and other energy sector assets including energy data.