New York skyline when half the city was in blackout due to a power failure during Hurricane Sandy. Midtown, with the Empire State Building, is in the background with the darkened East Village and other parts of downtown in the foreground. Credit: David Shankbone via Wikimedia Commons

Online Exclusive 07/16/2020 Blog

Cyber Resilience in an Age of Climate Chaos

Although both cybersecurity and climate change are increasingly seen as two of the most urgent threats of this century, seldom are they considered together. Yet, arguably, the true challenge of both is the ways in which they intertwine, in evermore unexpected ways. Climate change is at its core a threat multiplier. Rather than being a discrete incident or problem, it makes existing conflicts worse and accelerates instability around the world. And, increasingly, climate change has also accelerated cyber risk.

In recent years, cyber war has been seen as the major threat to the domestic U.S. power grid. Rolling blackouts—while not wholly beyond the capabilities of either China or Russia—have largely been forestalled by diplomacy and the assurance of American retaliation. Nowadays, most threats to the energy grid come from an entirely different kind of cloud. Severe storms, like Hurricane Maria and more recently Hurricane Florence, have plunged millions into the dark. Fires sparked by changing climate patterns (and the Pacific Gas and Electric company) infamously devastated communities across California. America’s power grid has routinely fallen victim not to foreign powers but to our own hubris.

Power grids present not only a hardware challenge but also a profound software challenge. Cyber risks in industrial software, particularly in that of power grids, represent one of today’s most pressing cybersecurity challenges, but they remain mostly invisible in the daily life of the average person. Experts estimate that even brief power outages more than double accidental deaths. As more grids across the country go dark for periods of time due to climate change, it is the most vulnerable populations who suffer . More than simply being a buzzword, a smarter grid will save lives.

Just as today’s industrial software guards against surge attacks (a type of cyberattack designed to overpower a system, similar to a distributed denial-of-service attack against a website), engineers must also learn to protect against storm surges. In response to both rising geopolitical tensions and rising seas, many have proposed that the power grids of the future should be local, self-contained, and resilient in ways that centralized grids fundamentally are not. In some ways this is analogous to an election security approach, and making parts of the grid more low-tech may provide a stopgap measure against both hackers and natural disasters. Traditional grids simply do not have the capacity to adapt to new threats in real time. As shown by Hurricane Florence, which compromised coal plants across the Southeast United States, emerging technologies like wind and solar power are often not only more cost-efficient but also more resilient.

By shifting to a microgrid model, towns and cities can shield themselves from both cyber and climate risk. A grid that uses blockchain and other emerging technologies to balance power use on a single street or in a single home can more freely adapt to outages than traditional metering. Most of today’s grid only goes one way—if your provider goes dark, so do you. But imagine if, instead of being at the mercy of your monthly bill, you could be largely self-sufficient. Similar to the way trees in a forest share nutrients through a so-called “wood-wide web,” the grid of the future will likely not be a grid at all, but rather a tangled web. By being local, nonstandard, and improvisational, microgrids will likely be much harder to hack. When they do go dark, overlapping grids may pick up the slack in ways our current system cannot.

This shift is already occurring. As community solar co-ops catch on, many software firms have begun to explore how to adapt to the demand for flexible, local power. At its most basic level, much of the technical theory behind microgrids already exists. Wi-Fi is a relatively straightforward example: just as most people switch Wi-Fi networks several times a day as they move through their daily routines, so too could microgrids balance between several possible sources of power.

Arguably, the true barrier to adopting such solutions on the local level is not technology, but policy. The recent edited volume Legal Pathways to Deep Decarbonization in the United States is considered by many to be the authoritative treatise on local climate adaptation and has begun this broader conversation. Nevertheless, there remain many unanswered questions about how and when this shift will occur. Increasingly, building a resilient system means directly challenging not only conventional wisdom but also those who profit from it.

For decades, the Tennessee Valley Authority and other major power providers have restricted the growth of local grids, and most power grids across America are effectively regional monopolies. Yet, as shown by repeated blackouts from forest fires, hurricanes, and other extreme weather, the question of whether such monopolies will bankrupt or break apart is increasingly not a question of if, but when. Large-scale utility providers have the option of either passing the baton to more resilient models, or largely collapsing—as PG&E has in recent years—and leaving ratepayers to pick up the pieces. Often, those who pay the most are those who can least afford it. Just as people of color have historically borne the burden of pollution from power providers, so too have historically redlined areas often faced higher energy costs, and more frequent blackouts. But fighting for a fairer, more resilient grid will benefit everyone, just those burdened by the old system. In the words of of Rev. William Barber, a leader in the modern Poor People’s Campaign, “If your lights go out, we’re all black in the dark.”

Cyber resilience means more than merely strengthening existing technologies—it means imagining a world in which we see risk in a fundamentally different way, fitting the challenges of an increasingly chaotic century. It means fighting for freedom from monopolies, especially for those who have historically borne the brunt of environmental harm. Rather than discrete attacks from black hat hackers or a single storm, threats to the grid will likely be ongoing and dynamic. Such threats require not only technical expertise, but also our creativity, our courage, and our willingness to challenge conventional wisdom.


—Robin Happel

Robin Happel is an environmental law student in Yale’s joint J.D. program. Previously, she has volunteered with Columbia’s Renewable Energy Legal Defense Initiative and served as a Climate Reality Leader and student ambassador for the Carnegie Council. She is originally from east Tennessee, near the heart of coal country.