Cyberattacks and the Clean Power Plan

What does a Jeep being hacked have to do with the Clean Power Plan? As it turns out, more than you would think.

The Obama Administration’s Clean Power Plan aims to cut carbon dioxide emissions by 32 percent below 2005 levels by 2030, shut down hundreds of coal-fired power plants, freeze construction of new coal plants, and increase the production of wind, solar and other renewable energy sources. This sweeping energy policy supports and strengthens many of the ongoing grid modernization and clean energy efforts moving forward in some states and at utility companies.

If the plan survives the various legal challenges that are expected, it would undoubtedly act as a catalyst to move the nation’s energy industry forward quickly and aggressively. The regulations are a boon for the renewable energy sector and will push states to increase their clean energy production and take steps to modernize their grids.

Herein lies both the opportunity and the challenge. A core component of the Clean Power Plan – modernizing our existing electric distribution grid -will inevitably mean increased technology-networked utility assets, and potentially greater risk of cyberattacks on critical energy infrastructure. At Utilidata, we work with utility companies like Pacific Gas & Electric and American Electric Power, and we have seen how modernization and energy efficiency efforts improve the power grid.

As the final Clean Power Plan was announced, the U.S. Environmental Protection Agency, Department of Energy and Federal Energy Regulatory Commission outlined plans for inter-agency coordination to ensure the Clean Power doesn’t affect the reliability of our electric system. Ensuring continued reliability is essential, and the same kind of coordination needs to happen to ensure that efforts to meet Clean Power Plan goals don’t create cyber risks.

Cybersecurity is certainly not a topic foreign to our legislators and industry leaders. With cyberattacks like the massive Office of Personnel Management (OPM) breach or those at JP Morgan-Chase and Target making headlines, the American public is pressuring Congress and the private sector to take action. But what we’ve learned from watching advances in other industries is that cybersecurity is impeded when agencies and companies are reactive and playing catch up. Like the financial sector, the auto industry and retailers, the energy sector is currently primed to follow a similar path.

Consider the recent hack of a Jeep that made national news. In late July, a senior editor at WIRED explained how hackers managed to take control of his Jeep as he drove down the highway. Thankfully, this was an experiment, not a bona fide hack. It was exercise to see if the hackers could infiltrate and control the car through the entertainment system – and they could. This highlights the gap between technology and the security employed to protect it.

The National Highway Traffic Safety Administration is monitoring new technologies in cars and encouraging information sharing within the auto industry, but as the New York Times suggested in an editorial this weekend, there’s a need for basic security standards to ensure that wireless systems cannot be used to control a vehicle’s engine or brakes. While GPS, satellite radio and other technologies are advances that auto owners have widely embraced, the technology has far surpassed efforts to secure it.

Our electric grid functions in a similar way, with a disconnect existing between the IT teams who control electronic data systems on the grid, security officers who protect physical equipment, and the operations teams who ensure safe, reliable power.

With the Clean Power Plan, we have an opportunity to move the energy industry forward without making the same mistakes of the past. An attack on the grid, combined with technological advances and networked assets, could wreak havoc on our country. It’s a national security threat that would put lives and our economy in danger. A cyberattack on the U.S. power grid could cost $1 trillion, according to a recent Lloyd’s of London report. All the technological advances and improvements in efficiency unfortunately won’t matter if we don’t have a functioning grid to rely on.

States policy makers, regulators, utility executives, software companies and many more stakeholders are building plans to guide the next decade and a half of energy progress in this country. It is incumbent on all those involved that cybersecurity be an integral part of those plans and energy advances, rather than a band-aid to slap on when problems arise.


Scott DePasquale is Chairman of the Rhode Island Cybersecurity Commission and CEO of Utilidata, a global software company working with utilities to redefine energy efficiency, reliability and grid security.

Morning Consult