Lighting the dark waters of local energy
As long ago as 2016 we started warning of the information security risks in community energy schemes. In the Proceedings of the Institution of Civil Engineers, we said that:
There are many community energy schemes. Their number and variety are increasing briskly. They bring new kinds of information into existence and they handle existing kinds of information in new ways. They share, to varying degrees, vulnerabilities to a wide range of information security threats. Those threats include new opportunities for crime and terrorism. At the extreme, their effects include danger to persons through interference with their ‘critical home infrastructure’ such as heating, lighting and refrigeration. The excitement of the novelty of community energy, and the focus of thinking on flows of energy and of money, means that often the flows of information, and their security, are not being considered as carefully as they ought to be.
Time has passed, but things haven’t got any better. There are Infosec standards for smart metering, and there are lots of good general Infosec standards with no specific bearing on the problems of energy systems, but until now there has been no standard or point of reference for Infosec in localized energy systems.. We had to develop security from the ground up for our real-time community trading trial on the island of Iona. The photo is from the sea voyage to the island.
Following that experience as part of our work to develop a Local Energy Market in Devon and Exeter, we’ve invested a lot of effort into developing what we believe to be the world’s only (and therefore best!) formal statement of requirements for information security in a local energy market. It’s based on the best current Infosec practice and draws on the vocabulary and controls of the ISO 15408 Common Criteria for Information Technology Security.
A light on a dark sea.