Cyber risk is climate risk
Mitigating climate change means doubling down on software and connectivity. And that means more than doubling up our cybersecurity risk.
The result of electrifying everything and scaling up renewable power generation is a growing inseparability between internet communication, software, and the physical movement of electricity. A Tesla isn’t just an electric car, it’s an internet car with over-the-air software updates. Nest thermostats don’t just save you money on heating and cooling bills, they are aggregated to lower power demand during peak hours of the evening. Residential solar rooftop installations don’t just have an on/off switch, they are controlled with an app from wherever. As control of electricity shifts more and more to a combination of software and internet-based protocols, the risk of compromise scales even faster. Compromise in this case is not leaked personal information but malicious takeover and control of the movement of electricity. This type of attack is cyber-physical, bridging the gap between the internet and real-world systems. To combat this cybersecurity risk we need to better quantify said risk when evaluating technology trade-offs, push for more private-public partnership on protections for the coming smart grid, and bias towards decentralization at every opportunity.
It’s not mere coincidence that electrifying old fossil-based technology and increasing renewable power generation leads to more software and more internet communication. It’s the only path forwards at the moment. Renewable power is intermittent and utility-scale battery storage has yet to become truly competitive. Therefore there’s a growing need to more efficiently manage power resources as well as distribute them across any given region. Both require increased coordination, which means more algorithms and more connection. Speeding up this process is the urgency that the climate crisis demands. There’s no time to wait for "just over the horizon" breakthrough battery technology. Renewables are being deployed at ever faster rates, and the electrification of everything is starting to take off. Without an easy way to store our renewably generated electricity, the only viable path is connecting everything to orchestrate an autonomous dance across time and space.
The concern about the growing risk of cyber-physical attacks as electricity goes online comes from the fact that traditional power plants, which specifically try to separate their control systems from the rest of the internet, have already been compromised in recent years. Andy Greenberg’s Sandworm provides a fascinating account of how Russia was able to remotely bring down Ukrainian power plants multiple times. If critical infrastructure which strives to air-gap itself from the web can be taken down, then what confidence can we have in consumer-grade technology that will increasingly play a role in when and where electricity gets made and stored? Putting aside the vulnerability of internet-based communication, there’s all the software that will serve as the orchestrator in our clean energy future. The code written to perform the dance across time and space will exponentially increase the surface area available to would-be attackers. Look no further than the recent SolarWinds hack for proof of this risk. The coming smart grid is critical to mitigating climate change, but its vulnerabilities could wreak havoc upon countless parts of our lives.
As one example of how these cyber-physical risks play out, consider the fleets of electric trucks and vans that are about to hit the streets. One report projects there will be 54,000 of these vehicles on the road in the US by 2025. If each of these vehicles has a modest 100 kWh battery, it adds up to 5.4 gigawatt-hours of energy needed per night to charge them up. For comparison, that’s more than half of the output of a large coal-fired power plant... over the course of a whole year. Now imagine if the charging station software for a fleet of delivery trucks is hacked, thereby giving attackers the ability to stop or start charging the trucks at will. Such control over even one fleet in a city could cause massive disruption to its grid, let alone the business of the company operating the fleet. While nothing like this has happened yet, there is research that maps out a feasible way to conduct almost exactly this type of attack. Thousands of large roaming batteries controlled by software and connected to the internet present a risk that we're not prepared for today.
To reduce the cyber risk that’s coupled with decarbonizing everything, the first step is to better quantify said risk and account for it when making decisions. It’s so early on that even the metrics to define what’s acceptable aren’t fully baked. Most of what can be found is still in the realm of research papers. Daniel Geer, a famous cybersecurity expert, has repeatedly pushed for the quantification of cyber-risk as connectivity and interdependency booms. We might never get to actuarial standards of risk measurement, but even low-medium-high estimates for potential economic loss in the event of disruptions will be useful. The quantification of risk will allow for more meaningful comparisons when dealing with power generation or storage proposals. Consider closed-loop pumped hydro systems (massive water batteries). Cost estimates for digging the reservoirs and filling them with water run in the billions, making them infeasible to scale up today. However, since they can operate without much connectivity, the risk of cyber-physical attacks will be low, especially if the alternative for a decision-maker is, for example, reliance on vehicle-to-grid technology (where EVs serve as batteries for the grid). That option should be more expensive when considering the risk of all the dependencies that could be hacked. These adjustments based on the potential for cyber-physical compromise may lead to significant shifts in the solutions chosen. The path to more quantification seems likely to come from the cyber-insurance industry as it expands further into renewable energy technology and distributed energy management. Not accounting for the true costs of “smart” solutions is foolish in the best case and disastrous in the worst.
Cyber-physical attacks have the potential to cause blackouts across large swathes of the US. And the attacks most likely to cause such damage will not come from rogue hacker groups looking for a payday but state actors looking to destabilize the country. Given what’s at risk and who would most likely be responsible, government involvement is guaranteed. We also shouldn’t forget that the US itself undoubtedly has plans for such attacks against other nations. The point, however, is that when it comes to mitigating the risk of such attacks, private enterprise should work with government to address the worst-case scenarios. An active partnership between the two is better than leaving the risk mitigation to just one or the other. Private enterprise shouldn’t have to bear the entire burden of preventing attacks launched by nation states. Nor should the government have a monopoly on those protections. What this relationship looks like is yet to be determined, but companies like Dragos already have connections into government agencies and may serve as a model for future iterations. Given the secrecy around cyber attack and defense, it’s not unreasonable to assume more of this public-private cooperation goes on behind closed doors already. Making such interactions transparent would be ideal but may very well jeopardize the success of the partnership. The stakes are too high and the geopolitical ramifications are too big to not have some level of cooperation moving forwards.
The most powerful strategy to mitigate the cyber-risk inherent in our climate solutions is to bias towards decentralization across every dimension. The world is still haunted by Windows vulnerabilities. We should not repeat past mistakes by relying on a single platform for the core systems that facilitate all of our power generation and storage. There’s a tendency in our current iteration of capitalism for individual companies to gain monopolistic market share and then never relinquish it. It’s a formula for disaster if the services those companies provide then become compromised. Going back to the electric vehicle example, it's high risk for one company to dominate charging station infrastructure. Hacking their system would result in catastrophe everywhere. A healthy marketplace with shared standards but different technologies and approaches would prevent any single compromise from doing significant damage. That’s not to say decentralization is always better, as in some ways it's easier to protect one power plant compared to thousands of rooftop solar installations. But again, the overarching tendency of our economy today is to reward consolidation and centralization, so pushing for the opposite at every turn serves as a check against the natural order of things. With sufficient decentralization across the control of technology and resources, the risk of devastating cyber-physical attacks will be lowered.
There are no viable alternatives to doubling down on software and connectivity as we tackle climate change, but there is opportunity to ensure that we mitigate as much of the risk as possible. The strategies above may not be sufficient but are undoubtedly necessary. The scale at which climate solutions need to be implemented puts us at a disadvantage to start. More awareness and understanding of what could go wrong should serve to balance the odds as we move forwards. To quote Daniel Geer in Sandworm, dependence on a stable climate poses at least as much of an existential risk for humanity as dependence on stable computer networks. And the Internet has a time constant of change five orders of magnitude smaller than that of climate. Such is the challenge we face as we hurtle into the decade of climate mitigation.