Following COP26, cybersecurity must be a central piece of the energy transition

Technology has dramatically changed the energy sector in the six years since the Paris Climate Agreement was signed. Countries and businesses renewed commitments to climate action at COP26 against a backdrop of booming investments and surging deployments of clean energy technologies. The price is finally right for clean energy technologies, making it possible to accelerate decarbonization even while economies grow. Meanwhile, innovations in cybersecurity are arriving just in time to ensure the clean energy transition is truly sustainable. Building a sustainable clean energy economy requires that policymakers and infrastructure operators take seriously the growing linkage between climate security and cybersecurity, and work together to scale up and mature cyber resilience. To do otherwise would leave energy infrastructure—and the clean energy revolution—vulnerable to the whims of malicious actors.

The Paris Agreement demonstrated the political will to take on climate change, and the years since have shown that the market can and will answer the engineering challenges. With today’s technologies, variable energy sources can seamlessly synchronize with national grids. Buildings, cities, and industries can optimize consumption for lower costs and lower emissions. Innovation has driven down the costs for renewables and efficiency optimization. For example, the cost of utility-scale solar power dropped 51 percent from 2015 to 2021. For many energy companies, aligning business strategies with climate protection used to mean increased costs, but today means increased profits.

With that shift, the transition to clean energy has accelerated dramatically. In 2020, BNEF’s measure of investment in decarbonization surpassed $501.3 billion worldwide for the first time, and is on track for an even bigger year in 2021.

This transition is made possible by many variations on a common theme: physical equipment is now digitally managed. For example, the pitch of a wind turbine blade responds to the speed of the wind, while algorithms determine whether the resulting electricity should be pushed into the grid or stored. Automation like this enables a handful of workers to operate and maintain huge industrial systems and sprawling supply chains, further enhancing the cost-benefit math for companies and shareholders.

All this progress gives reason for optimism, even as it creates a new set of pressures for energy companies. The digital backbone of the clean energy transition means cybersecurity must be part of sustainable energy systems. In the same way that turbine design must account for friction, and power substations need security fences, a sustainable energy future needs to build in cybersecurity by design. Operators need the ability to monitor their equipment, detect intrusions, and defeat attackers.

Around the world, the status quo is chronic underinvestment in cybersecurity for the energy sector. For years, surveys of industrial and utility-sector cybersecurity officials have shown escalating threats against operating technologies, the physical equipment that produces energy and fuels. The same surveys show a consistent underinvestment in training cybersecurity analysts and deploying defenses. Continuing this mismatch of escalating threat and underinvestment in security jeopardizes the clean energy future.

The good news is that, in the years since the Paris Agreement, cybersecurity has advanced significantly. In an echo of the wider energy transition, the market is poised to provide new technologies that enable a handful of analysts to secure huge and growing clean energy systems. Advancements in artificial intelligence increasingly enable automation to account for the variable conditions and complex, interconnected systems that characterize energy infrastructure. National governments should assist in advancing cybersecurity maturity by investing in research and development, and by developing frameworks that encourage innovations and drive down the costs of cybersecurity.

With increased automation and more powerful analysis, the cost-benefit math enables cybersecurity to ramp up, even as costs ramp down. Until recently, a cybersecurity team that detected an intrusion in an industrial network had few options for pinpointing the extent of the breach. As the operators of Colonial Pipeline learned the hard way, many business leaders faced with a breach today must choose between broad shutdowns of all assets to purge intruders or continued exposure to an ongoing attack. Deploying today’s cutting-edge technologies can make that choice more nuanced. Monitoring and detection technologies provide the visibility needed to accurately pinpoint the source of anomalies and trace suspicious actions. Detecting attacks earlier and gaining insight into their scope means containment and recovery efforts can be right-sized to minimize impacts on production, reducing exposure to attacks and keeping energy flowing. Private and public sector leaders should strive to ensure that such technologies are broadly deployed and continually updated.

All of these developments—the demand for clean energy, the decreased cost of low-emissions technologies, and the cybersecurity innovations for sustaining the energy transition—bode well for the decades ahead. As leaders in the public sector seek to continue and accelerate the trend toward zero-emissions, investments in cybersecurity will determine whether energy technologies provide the clean energy revolution with a strong foundation or an Achilles heel.

Leo Simonovich is the vice president and global head of industrial cyber and digital security at Siemens Energy.

Learn more about the Global Energy Center

Image: Data stream illustration. (Yurchanka Siarhei, Shutterstock, Standard Image License)