The risk of a cyber-attack that will take down the power system is seriously underestimated, writes financial energy specialist Gerard Reid. To prevent future disaster, we need to build a completely new power system. Reliability is not anymore about the “average minutes of downtime per year”. Courtesy Energy and Carbon blog.
There is a lot of talk of cyber-security in the media and nearly all of us have had experience with computer viruses or have been in some way affected by a cyber-attack, but for most of us they have not been that serious. A cyber-attack on the power system, on the other hand, would be very serious, as our modern digital lives cannot exist without electricity.
If you can easily hack into one solar system, then you can can hack into more than one and if you do that simultaneously then it is possible to shut off a massive amount of power to the system
Nearly all of us are totally unprepared for such an eventuality, but we need to be as the risks are very real. Having recently seen a live presentation where an engineer broke into a commercial solar system in Germany and showed how he was able to control that system, I believe the risks are grossly understated. I also don’t believe that utility executives let alone governmental and regulatory authorities realize the risks that we are facing, and the crazy thing is that I don’t believe they will confront these risks until we have a blackout.
Most of us take electricity for granted and thus do not realize how ingrained it is into the very fabric of our lives and how dependent our society is on it. Politicians do understand how important electricity is, with one of their biggest concerns being the ‘risk of a blackout’, which won’t endear them to the voting public.
However, they have been fooled into believing that the best measure of the reliability and resilience of the power system are measures such as the ‘average numbers of minutes that customers had no power last year’. There are even international comparisons available which allow countries like Germany and Denmark to say that they have one of the most reliable power systems in the world. However, this data tells us nothing about how susceptible a power system is to be brought down by a cyber-attack.
We need to connect more, not fewer, intelligent devices to the power system, such as EVs with their large batteries in them
Today, our power systems are controlled as they have been for 100 years by grid operators with their centrally managed control rooms. These grid operators have, in recent years, invested massive amounts of capital into technology platforms for ensuing that we all receive reliable and high quality power 24/7. But if you do manage to hack into that system then you have complete control of the power system. However, you may not even need to do that to cause a significant shock to the system.
If you can easily hack into one solar system, then you can can hack into more than one and if you do that simultaneously then it is possible to shut off a massive amount of power to the system. And if you do that you will cause a blackout and in the case of Europe which has one interconnected grid the shocks will be felt across the whole continent. These risks are only going to rise as we increasingly connect lots of internet controlled (IOT) devices like solar PV, heat pumps as well as electric cars to our grid. This leads to the question how best to deal with these risks?
The first thing is to realize that we have built a fragile system which could break under stress. The second point is to build a power system that is more durable and flexible in its response to cyber and/or physical attacks or as the author Nicholas Taleb calls it, an anti-fragile system. “Antifragility,” he says, “is beyond resilience or robustness. The resilient resists shocks and stays the same; the antifragile gets better.”
His approach, which may at first seem counter-intuitive, is to move away from a centralized system to a decentralised system with lots of “fragile” parts in it, which can watch and learn from each other as each unit improvises in response to unexpected events. This means we need to connect more, not fewer, intelligent devices to the power system, such as EVs with their large batteries in them, which in turn can provide local buffering and improve energy security.
The first thing is to realize that we have built a fragile system which could break under stress
But for this to happen we need to reset the traditional relationship between energy providers, energy users and grid operators to allow greater participation in the world of electricity as well as the decentralization of control. This requires a radical regulatory rethink which is especially difficult given commercial interests of incumbent players.
In the meantime, the public need to be prepared for life during a blackout. This is exactly what the government in Sweden has done; they sent out a leaflet to all Swedish households earlier this year giving relevant tips and advice about how to act during a crisis with instructions on such things as how much water and food should be stored. You may say this is too hysterical a response but at least the Swedish government have understood that it’s better to advise the public than to close their eyes to the risks of having no electricity.
Gerard Reid is founding partner of Alexa Capital in London, a leading corporate finance business focused on energy and mobility. He has over two decades of experience in equity research and fund management in the energy area.
This article was first published on Energy and Carbon, a blog hosted by Reid and energy journalist and advisor Gerard Wynn. It is republished here with permission.