Iran has proven that energy is the frontline - We need to defend it like one |
The United States’ war with Iran has proven that one of the most potent weapons of modern warfare is energy.
Listen to this article
The chaos in energy markets catalysed by the closure of the Strait of Hormuz has revealed just how vulnerable we are to energy shocks.
But there is another vulnerability when it comes to energy, and it’s one that becomes even more critical to be aware of and defend against as we invest more in domestic supply: the targeting of the infrastructure itself.
And while drones and missiles are used for this purpose, we should learn the lessons from Ukraine where Russia and Russia-affiliated hackers have been using cyberwarfare to disrupt Ukraine’s energy grid for well over a decade now
But before I further detail the threat, let's first acknowledge the obvious: We have to be going further and faster when it comes to domestic energy.
Those in the energy sector like me have been calling for a rethink of our energy mix long before this war with Iran, but events have made our calls feel even more urgent: The UK needs to be massively building out domestic solar and wind infrastructure, investing in better battery capacity and innovating when it comes to ways to make the energy we do produce go further through interconnection.
This will make the country more resilient to geopolitical energy shocks and more independent on the world stage.
But as I mentioned before, a more interconnected grid tying together more systems can also be, without the proper protections, a more appetising target for the enemy. Like anything else essential for a well-functioning society, its effectiveness and interconnectedness makes it a target for those who see energy as a weapon of war. So protecting should be our top priority.
Therefore at the highest level governments and those working in energy must take a proactive approach to tackling cyber-threats but also making sure they’re choosing partners in the private sector who do the same.
We’ve seen Iran attacking energy infrastructure kinetically, like their recent targeting of a massive Qatari gas facility. But renewable energy is more reliant on digital infrastructure, which makes it more likely that an attack comes in cyber form.
In Ukraine, we’ve even seen the two approaches in tandem: With cyberattacks on Ukrainian energy systems used to gather targeting information for missiles.
And in other industries in the UK, like the NHS, we’ve seen private partners used as a backdoor to access a state utility. The risk for energy is similar both in scale and the potential for catastrophe.
The UK has a solid baseline when it comes to cybersecurity and on the legislative side it is currently working on putting into law the Cybersecurity and Resilience Bill. Once it becomes an act it will enable regulators to enforce larger, turnover-based penalties for serious cybersecurity breaches by companies with ties to critical infrastructure.
But measures like that are focused on what happens following a breach and a lot of the UK’s frameworks and requirements are broad and principle-based.
For the UK to be sure that it has a hermetic energy system that is as resistant to cyberattacks as it can be, I’d like to see requirements become more proscriptive, to demand and require a more concrete illustration of how firms and stakeholders are protecting themselves.
My company, Podero, is an energy optimisation platform. We work with utilities to provide smarter, cleaner energy to households and businesses across Europe. Because of the reach of our platform, from power-plant to people’s homes, we take ironclad security and protection from cyberattacks incredibly seriously.
That means taking a holistic approach to security, building our system from the ground up with isolation, privacy and encryption in mind to stop hackers spreading through it. It means never taking security for granted, and constantly independently testing to make sure we’re not missing any gaps. And it means keeping things local: Never storing data outside of European servers.
These proscriptions can seem mundane, but what they’re protecting against is not: blackouts for millions; transport systems halted; hospitals forced onto back-up generators.
In short, our energy system could be held to ransom.
As more grid-connected devices sit in people's homes, the attack surface for grid disruption shifts from substations to software. The answer is not to slow down the energy transition.
It is to build platforms that treat security as a first-class concern from day one, not an afterthought.
Chris Bernkopf is an energy expert and the Co-Founder & CEO of energy management platform, Podero
LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.
The views expressed are those of the authors and do not necessarily reflect the official LBC position.
To contact us email opinion@lbc.co.uk