Alternative Energy Companies Prepare for Digital Takeovers

At a recent renewable energy convention and trade fair, companies with a vested interest in the trade organized an IT security workshop. The presentation, according to some who observed the event was quite frightening. An information and data security consultant demonstrated the damage a malicious hacker could cause. He walked the guests into the darknet.

The cluster management Digital Economy Schleswig-Holstein (DiWiSH), the Network Agency for Renewable Energies (EE.SH), and the industry association watt_2.0 e.V. organized the cybersecurity workshop during the New Energy Trade Fair. As the world of cybercrime evolves, the list of potential targets expands. Renewable energy executives see the power infrastructure built on regenerative energy systems such as wind turbines or photovoltaic systems as the next major target.

Even though renewable energy sources are not cutting edge, engineers made great strides during the last decade. For example, at the introduction of working solar panels, engineers squeezed out energy from 4% of the sunlight a panel received during the day. And some considered that viable. Now, using an entirely different “collection” method called photovoltaic systems, each “cell” is more than three times as efficient, thus generating more than three times the energy of traditional solar panels.

Increased efficiency in every department along with new and innovative ideas created a genuine opportunity for regenerative energy systems that expanded beyond Toyota Prius solar panels. Now that the digitization of these systems and resources moved to the next level, they opened a doorway to both new energy possibilities and the age of cybercrime.

The Network Agency for Renewable Energies (EE.SH) hosted the cybercrime learning event in March. They hired Markus Manzke of zer0bs.de and additional speakers for the ultimately successful demonstration.

“We will not show you how we are entering the company’s system, but we have already found the openings,” Manzke announced. He led the guests down a path where he demonstrated the potential attacks a real attacker could exploit. He explained the risks involved by literally demonstrating what a malicious entity would do—Manzke, of course, executed no attacks that caused harm to any infrastructure or any of the sort. He put it through a dry run test.

While other IT experts explained the costs and potential options or protection methods a company could employ, Manzke showed the audience the darknet. He explained that the tools often used to break through security mechanisms land on the darknet in one form or another. Many vendors sell hacking tools or software. However, often the listing advertises a repackaged version of already available software. Note that the NSA hacking tool drama—a failed auction of stolen NSA software and then Zeronet direct sales—was a one-of-a-kind event. Very few examples of tools with the abilities described in the seminar are readily accessible – not that they don’t exist; one simply will not find them on Alphabay.

But the day when energy system hacking software becomes as easily accessible as ransomware kits is not yet here. And the moment the darknet plays any role in taking down a power grid, massive changes will follow.