Since the 1973 Arab Oil Embargo, America’s reliance on imported oil has always been the primary energy security concern. Every president since Nixon has promised “energy independence,” and the goal of reducing oil imports has dominated the energy policy agenda. Transitioning to a low-carbon economy that moves off oil is thus not only necessary to address climate change, but also brings many energy security benefits. Around the world, renewable energy that is locally generated reduces the energy-security risks of fossil fuels that are globally traded.
Yet the transition to a low-carbon economy may bring new and different energy security risks of its own that have so far received relatively little attention. Among the most important is the threat from cybersecurity, as a low-carbon economy becomes more electrified and interconnected.
Electricity is vital to nearly every aspect of our daily life and the economy. Electricity is needed to produce food and purify water. Our financial and telecommunications systems do not function without it. It is key to transportation, energy production, hospitals and emergency services. Reliable electric power is also essential to our homeland security and national defense.
Moving away from fossil fuels is likely to require large-scale electrification, and then the generation of yet more electricity from low-carbon energy sources. The International Energy Agency predicts that the share of electricity in final global energy consumption will increase from 18% in 2014 to as high as 28% in the agency’s low-carbon scenario by 2050. Decarbonization of transportation very likely means more electric vehicles, which are falling in cost, growing rapidly in sales each month, and may even become mandated in many urban areas. Transitioning away from fossil fuels for heating in the residential and industrial sectors also means more electrification.
Along with increased electrification, the digital age also means that our electric devices—from household appliances to electric vehicles to increasingly ubiquitous smart sensors—are more and more interconnected through smart grids and the “Internet of Things.” Nearly 50 billion devices are projected to be connected to the internet by 2020, twice as many as last year, according to an FTC report from January 2015. The economywide benefits of greater interconnectedness are enormous: A recent McKinsey report estimates that digitization of services and physical assets like cars and buildings could add more than $2.2 trillion to the annual GDP of the U.S. by 2025. And increased efficiency and renewable capacity can be achieved through new connected devices and sensors.
But an increasingly interconnected, digital and electrified energy system also poses vast new physical and cybersecurity risks that the next administration must prioritize in its new energy security agenda. A more digitalized electricity system is vulnerable to malicious attacks. Ukraine experienced this firsthand when a coordinated cyberattack targeting regional electricity distribution companies in December 2015 left 225,000 customers in the dark for hours. Incidents of cyberattack aimed at the grid in the U.S. are on the rise.Reported incidents rose 20% in 2015 from the year prior, with the energy sector the second largest target. Speaking of critical infrastructure like power generation, the head of U.S. Cyber Command told Congress “it is only a matter of when, not if, we are going to see something dramatic.”
While smart-grid systems promise energy efficiency gains to both consumers and grid operators as each gain greater control over the energy in homes and businesses, low regulatory oversight and a lack of clear security standards for new devices leaves this digitally connected energy system vulnerable. Last month’s internet outage, triggered by a hack on internet-connected devices like cellphone cameras and baby monitors, was a potent reminder of the risks from billions of connected devices with little or no cybersecurity protections.
Consider the risks presented by electrification and digitalization of the transport sector. In a world of electric vehicles, the consequences of electricity outages would be far more severe, as electricity is more difficult to store than gasoline or oil. Moreover, concerns about car-hacking—both electric and nonelectric models—are real. In the second example, hackers took control of a car’s steering wheel and accelerator from a laptop. Imagine the dire consequences in self-driving cars, which have more possible ways into the cars’ networks. Or the potential for malicious code to be installed and later activated in our vehicles. Will stringent safeguards exist in other countries like China that have ambitious plans to manufacture and export cheap electric vehicles?
Grid-connected renewable energy sources, such as utility-scale solar and wind power plants, and distributed energy resources, such as rooftop solar systems, are also vulnerable to cybersecurity risks. To be sure, distributed generation—combined with energy storage—can increase grid resiliency, especially during hurricanes and other weather-related power outages. But as long as these systems are connected to the grid (or a virtual power plant), they present new risks in the form of thousands of potential backdoors for hackers to the electricity grid.
Smart grids, which use intelligent gadgets and two-way communications between electric devices and the grid, are also potential soft targets for cyberattacks—and have received too little attention to date from local utilities. Without proper safety measures, these tools for improving energy efficiency can be used by malicious hackers to shut down entire electricity networks.
Transitioning away from fossil fuels more quickly must be a priority to address the urgent challenge of climate change. And that means a more rapid shift to an electrified and digitalized energy system. While that shift reduces energy security risks we have faced for decades, it also presents many new ones as well that the incoming administration must address with greater urgency through cybersecurity standards and regulations for the new technologies and devices that will power the clean energy economy.
Jason Bordoff (@JasonBordoff), a former energy adviser to President Obama, is a professor of professional practice in international and public affairs and founding director of the Center on Global Energy Policy at Columbia University.