A white paper published by the Center for Long-Term Cybersecurity, Cyber Resilience and Social Equity: Twin Pillars of a Sustainable Energy Future, examines the importance of cybersecurity in ensuring equitable access to energy. In an era marked by both cyber and physical threats to electric grids, the paper advocates for “sustainable energy delivery systems that ensure robust defenses without compromising the goals of reducing energy poverty and ensuring energy security.”
The report was authored by Emma Stewart, Chief Power Grid Scientist at Idaho National Laboratory (INL), one of the national laboratories of the United States Department of Energy; Remy Stolworthy, a Cyber Vulnerability Analyst at INL; and Virginia Wright, Program Manager for Cyber-Informed Engineering (CIE) at INL.
The report was published as part of the Center for Long-Term Cybersecurity’s 2024 Public Interest Cybersecurity Research Call for Papers, and was presented in June at the 2024 Cyber Civil Defense Summit.
“The energy sector faces a dichotomy: entities that can afford cybersecurity have many options, while those that cannot face tough choices with insufficient support, such as purchasing offshore equipment with enhanced security risks or utilizing the cloud because of lack of data infrastructure, but potentially in both cases introducing new or enhanced security risks, with no resources to manage,” the authors write. “This paper seeks to bridge these divides, offering security and equity-driven solutions modeled after existing federal initiatives, and alternative strategies pertaining to regulation, data management, staffing, and procurement, a trend particularly noticeable in areas with lower income. This creates a crucial gap that requires urgent attention and resolution.”
The paper encourages greater adoption of technologies that integrate security into the operations of energy systems, including cyber-informed engineering (CIE) and secure-by-design (SbD) principles. The paper highlights how these strategies “can protect critical infrastructure and democratize access to secure energy, particularly for disadvantaged communities.”
In addition to technical practices, the paper also addresses the workforce development gap, emphasizing the necessity for public-private partnerships and vendor engagement in creating a skilled cybersecurity workforce. The authors note that there is often a disparity in resources and expertise available to small- and medium-sized utilities compared to large, investor-owned utilities, and recommends “a series of collaborative efforts to enhance cyber resilience and social equity.”
“Along with addressing these technical solutions, addressing the workforce gap, particularly within smaller utilities, is crucial,” the authors write. “Vendors play a significant role by aligning with the specific needs of these utilities and empowering them with the skills needed to maximize their cybersecurity measures, for example through right-sized technology, alternative workforce models, and targeted training.”
Calling for “a holistic approach towards cybersecurity,” the authors note that “the future of the U.S. grid depends on a synergy of technological innovation, policy reform, and dedicated workforce cultivation, ensuring that security and equity are at the forefront of the energy industry’s evolution.”
“There is a critical need for a paradigm shift that transcends traditional frameworks of ownership and responsibility to steer the nation toward a resilient and inclusive grid,” they conclude. “The challenges in cybersecurity, operational complexity, grid-edge intelligence, and workforce development are not merely obstacles, but opportunities to catalyze a new era of sophisticated and sustainable energy infrastructure.”
