• Energy News Network
  • Energy News Network
  • Midwest
  • Southeast
  • Northeast
  • West
  • Opinion
  • About
    • Code of Ethics
    • Staff
  • Donate
  • 40 Under 40
Q&A

Q&A: For Connecticut cybersecurity officer, renewables mean new risks

Written By Meg DaltonOctober 18, 2018
Photo By
jaydeep / Wikimedia Commons

jaydeep / Wikimedia Commons

The state’s chief cybersecurity risk officer says distributed generation creates new entry points for hackers to exploit.

Connecticut’s public utilities are at risk.

Arthur House

Cybersecurity threats are growing in number and degree of seriousness, according to a new report from the state. Last month, Gov. Dannel Malloy released the state’s second annual review of utility cybersecurity, which found that despite millions of attempts, there were no cyber breaches of the major utility companies delivering electricity, natural gas, and water across the state. Attempted hacks varied from a few thousand to more than 10 million, depending on the week, and came from every continent. A successful cyber attack might mean stealing customer data, infecting utility’s computer software, or even causing a statewide blackout.

Public utilities have thwarted attacks so far, but the emergence of renewables in Connecticut’s energy market could complicate matters, according to Arthur House, the state’s chief cybersecurity risk officer. “We’re very concerned about people getting into utility company through a renewable system,” he said. Renewable energy is a burgeoning player in the state and made headway earlier this year when lawmakers passed a bill mandating that 40 percent of its electricity come from renewable sources by 2030.

House recently spoke with the Energy News Network about the relationship between clean energy and cybersecurity. This conversation has been edited for length and clarity.

Q: What are the big takeaways from this year’s report?

First of all, the intensity and frequency of probes and attacks have increased. Secondly, utilities have grown their cybersecurity capacities. Ten years ago, they might have had one or two people on board. Now it’s a more thorough team. Third, both boards of directors and CEOs continue to take this seriously, even more so in 2018 compared to 2017.

Q: Can you explain how clean energy, like solar and wind, fit into the state’s cybersecurity efforts?

We have to address global warming and climate change, and renewables are central to that effort. At same time, we have to protect society from cyber compromise. We have to understand how they relate to each other. When you have a new system, it’s built for efficiency and low cost without all the cybersecurity guards built into more traditional forms of energy. [That’s] something we need to pay attention to.

If you look at this from cybersecurity perspective, the source of power is less important than its security. We’re concerned about distribution in a safe manner. As we move off conventional sources of energy to more wind, more solar, we’ve got to make sure new energy sources are as well protected or better protected than the ones we replace. If you throw in a new set of suppliers like solar panels on roof, you have more openings for cyber penetration.

Q: So new suppliers mean an increasing number of entry points into Connecticut’s energy system. How do you balance the need for these sources of clean energy with the need to be cyber-secure?

It is a juxtaposition that I regret because both are laudable goals. We want both. Sometimes working in one area does not solve questions in the other. Cybersecurity isn’t a prime concern for a lot of these startup companies like getting orders and installing high quality systems [are]. [Those are] immediate do or die issues. If they don’t resolve them, they won’t be in business anymore.

We want them to conduct business in ways that are more cybersecure. We want more renewables. We want access to energy they generate, but don’t want to compromise entry into utility itself.  

Q: There’s been talk about modernizing the electric grid in Connecticut. What would the move toward a smart grid and technology like smart meters mean for cyber resiliency?

I think the grid modernization is an opportunity to focus on cybersecurity. There needs to be attention to reducing the number of and exposure of grid platforms. Ironically, those who came late to the game in grid modernization have advantages. They can adapt new computer technologies that are more cyber-secure than ones that existed years ago. When you have a decentralized grid, there’s all kinds of ways to get in. I’d rather have grid modernization, with the software and a greater sense of where openings are and how to protect them.

Q: How might the cybersecurity strategy shift as the state continues to embrace renewable energy?

We have done this report, an initial effort, and Connecticut is one of the more advanced states [in cybersecurity]… Our cybersecurity action plan, which came out in May, set forth things that can be done now. At some point, we might want to expand annual review of cybersecurity to include things like solar.

About Meg Dalton

Meg Dalton

Meg is a freelance journalist and audio producer based in Connecticut who reports on the environment, gender and media. She’s reported and edited for the Columbia Journalism Review, PBS NewsHour, Architectural Digest, MediaShift, Hearst Connecticut newspapers, and more. In addition, her audio work has appeared on WSHU, Marketplace, WBAI, and NPR. Meg covers Connecticut and Rhode Island.

  • More by Meg

Related News

  • In Illinois, utility regulators are playing bigger role in smart-grid cybersecurity

    Growing exposure to smart-grid-related cybersecurity risks is forcing state regulators to play a bigger role in preparing utilities for potential threats.

  • "Welcome to Virginia" sign

    ‘RGGI works’: Virginia advocate on what state stands to gain from carbon cap

    The initiative is expected to create new revenue for renewable energy and climate change resilience projects.

  • Illinois partnership looks to build trust in grid through cybersecurity research

    A team of researchers at a unique facility in downstate Illinois is working to answer questions around maintaining trust in the power grid, particularly when faced with cybersecurity threats.

Comments are closed.

Latest News

  • Battle lines are drawn over oil drilling in California
  • Electric vehicle drivers in Michigan see increased investment in fast charging
  • Nebraska utility bets on technological advances to meet carbon-cutting goals
  • a "gas" cap cover with an electric plug symbol
    To shift EV charging habits, Minnesota co-ops turn to technology, incentives
  • food waste piled up in a dumpster
    Despite recycling mandate, food waste-to-energy struggles to grow in Connecticut
  • Massachusetts divestment movement seeks to capitalize on fossil fuels’ decline
  • Michigan utilities see role for renewable natural gas, but cost barrier remains
  • How one company could transform energy in Southern states

More from the Energy News Network

  • Energy News Network
  • Midwest
  • Southeast
  • Northeast
  • West
  • About
  • Support

The Energy News Network is an editorially independent project of  
© Copyright 2019

  • Terms of Service
  • Privacy Policy

Built with the Largo WordPress Theme from the Institute for Nonprofit News.

Back to top ↑