Webinar Recap: Nation-State Adversaries, Extortionists, and Insider Threats
SunSpec Alliance recently hosted a webinar focusing on the critical issues of cybersecurity threats posed by nation-state adversaries, extortionists, and insider threats. The session featured prominent speakers including Simon Chassar, former Chief Revenue Officer of Claroty; Michael Rogers, retired four-star admiral and former director of the NSA; Ross Young, CISO at Team8; and Tom Tansy, CEO of DER Security Corp. Each speaker brought a wealth of experience and expertise, providing a comprehensive examination of the current and future landscape of cybersecurity in distributed energy resources (DER).
Key Takeaways
The Evolving Threat Landscape
Michael Rogers began the discussion by delving into the evolving threat landscape, particularly emphasizing the significant risks posed by nation-states. He cited “Volt Typhoon,” a Chinese cyber operation targeting the US power grid, as a stark example of the increasing boldness of nation-state actors. Rogers highlighted that such operations, traditionally associated with wartime scenarios, now represent the everyday reality of cybersecurity threats. He stressed the importance of proactive measures, advocating for building cybersecurity into system designs from the outset rather than adding it as an afterthought.
Simon Chassar expanded on this by discussing Bloomberg’s projections that renewable energy sources like solar, wind, and storage will dominate future power generation. He highlighted the cybersecurity risks associated with these new infrastructures, noting that the complexity and interconnectedness of these systems make them attractive targets for cyber adversaries. Chassar emphasized the necessity of regulatory-driven cybersecurity solutions to protect these critical infrastructures.
Motivations and Strategies of Cyber Adversaries
Ross Young provided a detailed overview of the motivations behind cyber adversaries targeting DER systems. He outlined three primary motivations: stealing power, intercepting payments, and executing ransomware attacks. Young explained that attackers could compromise EV chargers to steal electricity, intercept payment systems for financial gain, or deploy ransomware to disrupt operations and extort money from companies. He drew parallels to previous attacks on critical infrastructure, such as the Colonial Pipeline incident, to illustrate the potential impact of such threats.
SunSpec Alliance is the information standards and certification organization for the Distributed Energy Resource (DER) industry. SunSpec communication standards address operational requirements of solar and energy storage on the smart grid.
Tom Tansy discussed the benefits and challenges of standardizing devices and communication systems in the DER sector. While standardization can create defensible systems by providing uniformity, it also presents opportunities for adversaries to exploit vulnerabilities. Tansy pointed out that adversaries are increasingly targeting power systems directly, manipulating them to cause disruptions and achieve their goals. He emphasized the need for ongoing innovation in security measures to stay ahead of these evolving threats.
Comprehensive Cybersecurity Measures and Regulations
The panelists unanimously agreed on the necessity of comprehensive cybersecurity measures that extend beyond basic compliance. Michael Rogers and Tom Tansy advocated for a risk-based approach to prioritize critical components of the power infrastructure. Rogers emphasized the importance of real-time oversight and robust incident response plans to maintain situational awareness and quickly address any disruptions.
The discussion also highlighted the current regulatory landscape, noting that the US lags behind other countries like the UK in implementing stringent DER cybersecurity policies. The panelists called for federal and state regulations to comprehensively address these vulnerabilities, ensuring that DER systems are adequately protected against sophisticated adversaries.
Incident Response and Recovery
Young and Rogers elaborated on the importance of real-time oversight and the need for robust incident response plans. They discussed the challenge of maintaining situational awareness across a widely dispersed energy infrastructure, where millions of connection points and recharging stations need to be monitored. Young emphasized that technology ages like milk, not wine, meaning it deteriorates over time and requires continuous updates and improvements to remain secure.
Tansy added that redundancy and the capability to harness distributed energy resources effectively are crucial for resilient power systems. He cited real-world scenarios where DER played a critical role in maintaining power supply during emergencies, such as wildfires in San Diego. Tansy emphasized the need for policies that allow for over-generation and storage of power to ensure stability and reliability in times of crisis.
Future of Cybersecurity in DER
The panelists concluded the webinar with discussions on the future landscape of DER and cybersecurity. They emphasized the critical need for ongoing innovation in security measures and the importance of industry collaboration to protect these systems. Rogers suggested that consumer behavior could be incentivized to demand higher cybersecurity standards, similar to how safety features in cars became market differentiators.
Q&A Highlights
Role of AI in DER Security: The panelists were cautious about fully deploying AI for DER fleet management due to potential risks of AI “hallucinations.” They agreed that AI could play a supportive role but emphasized the need for human oversight to ensure reliability and security.
Foreign-owned DER Fleets: Concerns were raised about DER fleets owned and operated by foreign entities. The panelists discussed the potential risks of geopolitical leverage and the need for federal regulations to mitigate such threats. They drew parallels to how countries like China restrict foreign technology in sensitive areas and suggested that similar measures might be necessary to protect the US power infrastructure.
Closing Statements
Rogers highlighted the massive implications of the evolving energy model and called for increased awareness and proactive cybersecurity measures. He emphasized that as the US pivots to a distributed energy model, it is essential to understand and mitigate the vulnerabilities inherent in these systems. Rogers advocated for using crises as opportunities to demonstrate the importance of robust cybersecurity measures.
Young reiterated the need for industry-wide collaboration and immediate action to address cybersecurity challenges. He stressed that the shift to renewable energy and distributed energy resources is inevitable, and the time to implement comprehensive security measures is now.
Tansy concluded by emphasizing the importance of not letting regulatory complacency hinder progress. He pointed out that the game is on, and there is no turning back from the path of electrification and distributed energy resources. Tansy called for proactive efforts to develop and implement security solutions to ensure the reliability and safety of these systems.
Final Thoughts
The webinar underscored the urgent need for robust cybersecurity strategies to protect critical energy infrastructures from sophisticated adversaries. The discussions provided valuable insights into the current threat landscape and emphasized the importance of integrating cybersecurity into the core design of energy systems. As the energy sector continues to evolve, industry collaboration and proactive measures will be key to ensuring the security and resilience of distributed energy resources.