Listen to this post

As discussed previously in this blog, physical attacks against substations have been on the rise. However, the U.S. power grid[1] is also vulnerable to cyberattacks from U.S. adversaries, which includes hostile foreign governments, as well as individual bad actors such as insiders and criminals. Although there have been more physical attacks than cyberattacks on the electrical grid this year (see also Department of Energy annual summaries), the potential for harm is great by either approach.

Furthermore, physical vulnerabilities can be used to create and exploit cyber vulnerabilities. For example, in 2017 the University of Tulsa in Oklahoma demonstrated how they could stop the turbines on an entire wind farm by first physically breaching a pin-and-tumbler lock on one turbine’s metal door and then hacking unsecured servers inside the turbine that were connected to all other turbines on the project. The vulnerability of wind farms continues to be a concern. Unlike legacy power plants that are isolated (“air gapped”) from the commercial Internet, small renewable installations in Europe often run on diverse third-party systems that are digitally connected to the power grid. In fact, according to Wall Street Journal reporting in April of 2022, three European renewable energy companies reported cyber incidents following Russia’s invasion of Ukraine.

Given the potential of such combined physical and cyberattacks, the historical reliance on protecting cyber systems by having an air gapping where systems are disconnected from wireless networks and the Internet is coming into question, given successful attacks that implemented both approaches. Some examples include: (i) the U.S. Department of Homeland Security alert that Russian “cyber actors” had gained the ability to disable U.S. electrical grids and had breached the “air gap” through spear-fishing and other tactics; (ii) the announcement by Microsoft and cyber security agencies from the United States and four other governments that a Chinese government hacking group had acquired a significant foothold inside critical infrastructure environments; and (iii) the Stuxnet virus that in part relied on the physical use of infected USB drives to disable Iranian nuclear facilities.

On September 12, 2023, the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) announced $39 million of funding for nine new National Laboratory projects addressing cybersecurity concerns affecting distributed energy resources, which include utility-scale solar, wind, storage and other clean technologies, as well as behind-the-meter systems and devices. The focus on protecting renewable systems reflects a growing international concern about the vulnerability of these resources to cyberattacks.

Government regulations continue to evolve to anticipate and respond to these cyber and physical threats to the bulk power system. Pursuant to 16 U.S.C. Section 824o, the Federal Energy Regulatory Commission (Commission or FERC) has authority to oversee the reliability of the bulk power system, which includes authority to approve mandatory cybersecurity reliability standards. FERC certified the North American Electric Reliability Corporation (NERC) as the United States’ Electric Reliability Organization. In Order 706, FERC approved Critical Infrastructure Protection (CIP) Reliability Standards developed by NERC and directed NERC to further modify those standards. In June of 2023, NERC issued its 2023 State of Reliability which found, in part, that physical and cyber attacks are increasing, reinforcing the need for further development and adaptation of reliability standards and guidelines.

Husch Blackwell will continue to monitor regulatory issues related to energy security and compliance.

[1] The U.S. power grid is technically several interconnected grids that span the U.S. and Canada, except that the grid occupying most of Texas is not fully interconnected with the other U.S./Canada power grids.

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Sean Farrell Sean Farrell

Sean combines his experience in real estate law and energy regulation to help clients build the renewable energy projects that will drive the future.

After beginning his legal career in litigation and real estate agreements, Sean found himself drawn to news articles regarding

Sean combines his experience in real estate law and energy regulation to help clients build the renewable energy projects that will drive the future.

After beginning his legal career in litigation and real estate agreements, Sean found himself drawn to news articles regarding changes in energy law and energy programs through the Public Utility Commission of Texas (PUCT). Realizing his true interest lay in the energy sector, he pivoted from his law firm job and took a position as a PUCT attorney, where he represented the public interest in proceedings before the Commission. Sean served as the lead attorney for the Competitive Renewable Energy Zone docket and regularly addressed matters involving transmission lines, violations and rulemakings.

Sean later returned to the private sector, representing clients in administrative proceedings before the PUCT, including contested rate cases and cases involving placement of transmission lines. He then transitioned from energy matters to real estate law, negotiating commercial leases and purchase and sale agreements, resolving title and survey issues, and representing landlords, tenants and developers.

Today, Sean combines both aspects of his background and represents renewable energy project developers and owners in a variety of real estate matters. He advises clients on title and survey issues, leases, easements, acquisitions and dispositions of property, landowner negotiations, and financing and investment agreements.

Sean greatly values the opportunity to work in such an important and evolving area of law, and he’s particularly excited to work with clients on the cutting edge of energy development. He knows renewable energy is a field the world is increasingly—and necessarily—embracing, and he finds great satisfaction in helping clients build a better and prosperous future.