FBI warns of increased cyber threats to expanding US renewable energy sector – IndustrialCyber

The Federal Bureau of Investigation (FBI) published Monday a Private Industry Notification (PIN) emphasizing how malicious cyber actors may seek to disrupt power-generating operations, steal intellectual property, or ransom information critical for normal functionality to advance geopolitical motives or financial gain within the U.S. renewable energy industry. With federal and local legislatures advocating for renewable energies, the industry will expand to keep pace, providing more opportunities and targets for malicious cyber actors. The agency further cautions that threats are likely to specifically target operational technology (OT) software and hardware systems.

“Structural shifts in the reduced cost of implementation of renewable energy and incentives for development of clean energy have created new targets and opportunities for cyber threat actors to disrupt and exploit for their own gain,” the FBI outlined in its document.  

The agency noted that the passage of the Inflation Reduction Act signaled a new push by the federal government to encourage renewable energy options for different US municipalities and expand these technologies to more U.S. citizens. “As renewable energy, which generates about 21% of all US electricity as of late 2023, becomes more nationally prevalent, US consumers are increasingly exploring ways to reduce their own fossil fuel consumption through new government tax incentives. This has included US federal agencies, such as the DoD, which is the largest consumer of energy in the US government, much of which it sources from local electric grids,” it added.  

In late 2023, the Metropolitan Washington Council of Governments announced a non-binding target to install 250,000 solar rooftops by 2030. Virginia set ambitious energy goals in 2019, aiming for 5,500 MW of wind and solar energy by 2028—with 3,000 MW in development by 2022. By 2030, the plan is for renewable energy to supply 30 percent of the state’s electricity, and by 2050, Virginia aims to have 100 percent of its electricity sourced from carbon-free energy—wind, solar, and nuclear.

The FBI details that a cyber attack against a solar panel system—residential or commercial—would likely focus on targeting the system’s OT software and hardware; specifically, malicious cyber actors could attempt to gain control over a solar panel system through the inverters. “Inverters are responsible for converting the direct current (DC) energy that the solar panels generate into practical alternating current (AC) electricity,” it added.

Some inverters have built-in monitoring systems that connect to the Internet, which increases their risk profile; if a malicious cyber actor took control of a residential inverter, they could attempt to reduce that solar panel system’s power output or target that home’s battery storage inverter (if one is onsite) to overheat it. 

The agency noted that while cyber attacks against residential solar infrastructure have been rare historically, malicious cyber actors could seek to target microgrids, which local power systems use to operate independently of the larger electrical grid during a power outage. To attain a larger disruption, malicious cyber actors could attempt to target inverters at solar farms; however, researchers are working to counter this potential risk through a passive sensor device that can detect unusual activity in the electrical current.

The FBI called upon current and former employees of companies within the renewable industry to report cyber intrusions targeting either themselves or their organization, as well as suspected elicitation attempts by foreign nationals outside of the organization. Private industry partners can contact their local FBI office to report security concerns and request threat briefings. 

The agency said that partners in the renewable energy industry can address espionage and cyber threats by monitoring network activity for unusual or suspicious traffic and activity; updating company networks, along with firewalls and antivirus software, to patch any potential security vulnerabilities; and reporting computer network intrusions to the appropriate law enforcement organizations.

They must also report to law enforcement any unexpected visits to company facilities or suspicious solicitations to employees while attending conferences or during foreign travel. In addition, they must consider risks from vendors (including sub-vendors or parent companies) to avoid exposure to deliberate exploitation of supply chain vulnerabilities as an attack vector; this includes scrutinizing vendors from nation-states associated with cyberattacks or those subject to national legislation requiring them to hand over data to foreign intelligence services.

The FBI also recommends that network defenders apply general mitigation techniques to limit potential adversarial use of common system and network discovery techniques. They must prepare for cyber incidents by maintaining offline backups of data and regularly maintaining backup and restoration; ensuring backup data is encrypted, immutable, not already infected, and covers the entire organization’s data infrastructure; and reviewing the security posture of third-party vendors and those interconnected with the organization.

They must also implement listing policies for applications and remote access that only allow systems to execute known and permitted programs under an established security policy; document and monitor external remote connections; and implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location. 

The FBI also put forward some identity and access management initiatives and vulnerability and configuration management measures that organizations must adopt to mitigate emerging cyber threats. 

Last week, industrial cybersecurity company Dragos said that it has observed a significant rise in cyber threats across the Nordic countries, including Denmark, Finland, Iceland, Norway, and Sweden, as well as the autonomous territories of the Faroe Islands, Greenland, and the Åland region. The interconnectivity essential to their economies and societies also presents a substantial vulnerability for industrial infrastructure. Furthermore, the Nordic renewable energy sector has proven to be a lucrative target because of its critical importance to the region’s energy security. 

This post was originally published on the 3rd party site mentioned in the title of this site
