Cybersecurity and Climate Change: The Dual Challenges Facing Energy CIOs

In a decades-long career that began as a NASA engineer and has catapulted him into the C-suite at one of the nation’s largest electric utilities, Todd Inlander has seen his share of challenges. But few things have readied him for the crises—and opportunities—his industry is facing today.

As senior vice president and chief information officer at Southern California Edison, which delivers power to 15 million people across 50,000 square miles, Inlander has a to-do list as long as the state’s southern coastline. Like business and IT leaders in every industry, he is focused on streamlining IT, improving customer mobile app experiences, and strengthening cybersecurity.

But Inlander’s industry is not like many others. It is at the bleeding edge of the climate change debate and the race to reduce carbon output. This summer’s drought, wildfires, and the prospect of rolling blackouts in California have put Inlander’s most urgent work in the spotlight: transforming Southern Edison’s grid technologies and adopting renewable energy sources.

Tanium’s Cyber Hygiene Assessment: An actionable path to better endpoint management and security

California is seeking to cut greenhouse emissions 40% by 2030 on its way to 100% zero-carbon electricity by 2045. To drive business forward, Inlander must manage these goals.

“The level of innovation, pace of technology change, and expertise needed to meet the challenges of decarbonization is higher than it has ever been in this industry,” says Inlander.

A complex IT environment

Adjusting to new state energy directives has dramatically transformed the enterprise operations and the daily tasks of utility CIOs. As energy grids become more complex and interconnected, IT and business leaders have broadened the scope of their activities.

Inlander’s role has evolved from a focus on traditional IT projects to greater involvement in the management and running of Southern Edison’s transmission and distribution units. One area of intense focus: enhancing technologies that operate the energy grid as they converge with the company’s traditional information technologies at its data centers.

One area of intense focus: enhancing technologies that operate the grid as they converge with traditional IT.

“The lines between IT and operations folks have blurred,” says Inlander. “It is hard to tell who comes from which department, which is a breath of fresh air and yields better results.” 

For CIOs like Inlander, it also requires a renewed focus on the basics of good cyber hygiene. These include knowing and cataloging all the endpoints and devices connected to the network, managing the growing number of apps and other software that have proliferated during the remote-work era, automating the patching of sanctioned software (while getting rid of rogue apps), and creating a rapid-response plan to security threats.

Inlander’s department has worked hard to understand how energy technology is evolving and, just as crucial, how to make new operational systems robust against cyberattacks.

The lines between IT and operations folks have blurred. It is hard to tell who comes from which department.

Like many other utilities, Southern Edison uses smart inverters to enable its distributed energy resources (DERs). These devices provide the efficient conversion of direct current output from DERs like solar panels into alternating current that can be used by consumers in homes and businesses.

But these internet-enabled inverters also present a cybersecurity risk, one that is expected to grow as solar power makes up an ever-bigger part of the energy mix, which in California is expected to take off thanks to the state’s 2020 mandate that all new homes must install solar panels. If hackers gain control of smart inverters, they could reconfigure software settings to create surges or dips in voltage, leading to widescale brownouts and blackouts, according to research at the Lawrence Berkeley National Lab, which has worked on inverter cybersecurity.

Inlander and his team are well aware of the issues and challenges ahead. “We have IT architects and security engineers engaged in smart inverter standards groups,” says Inlander. “And we continue to develop expertise in control systems security and DER device security to mitigate operational and cyber risks of integrating these new devices with our systems.”

Interconnected Systems

California is a particularly demanding utilities market. Home to more than 39 million people, the state’s temperatures rise dramatically in summer and create high demand for air-conditioning. The state is also home to about four in every 10 electric vehicles (EVs) today. Because solar and wind are sporadic and hydropower is vulnerable to drought, powering these EVs can be a challenge.

[Read also: How engine maker Cummins embraces cyber hygiene]

“An EV may have the same load as a house,” says Inlander, “but it moves around.” And as those vehicles grow in number, spurred on by the state’s pledge to end the sale of fossil-fuel power vehicles in 2035, the number of those moving energy targets will only grow.

“In order to effectively manage an electric grid that increasingly relies on variable renewable energy sources and services EVs,” Inlander says, “a much higher degree of automation is required to manage energy delivery.”

At Southern California Edison, that means modernizing its grid with new technologies. These range from advanced circuit-level load forecasting, which relies on meter voltage data, to modern and adaptive control systems, and private field area networks. Such networks rapidly connect intelligent devices across transmission and distribution systems.

“These new technologies,” says Inlander, “are more like enterprise IT computing platforms than special purpose-built equipment” and include distributed computing using virtualization, digital twin technologies for simulations, and hybrid cloud technologies.

More devices, more challenges

The next big challenge for IT systems in the energy field will be integrating a new wave of ultra-powerful batteries that can store energy for longer than the roughly eight hours of current batteries and would store energy from DERs to form an essential hub for grids.

As the number of devices drawing power from grids increases, and the number of sources providing power grows, so too do the attack surface and the complexity of threats, says Inlander. But staying a step ahead is the name of the cybersecurity game. The growth in power needs and the embrace of new sources of energy are inevitable. For Inlander, that means one thing: All the change “has required us to better protect our environment,” he says.