Trusted Data Drives Clean Energy

Reducing carbon emissions is essential for the health and welfare of humans on earth. Sharing trusted data is a necessary enabler in this effort.

By Julian Durand, Vice President of Product Management at Intertrust Technologies, and Amandeep Grover, Staff Manager, Strategy and Analysis, at Qualcomm

The clean energy transition depends on IoT devices. However, it’s not just about the devices, the data they generate is also just as important and needs to be trusted. Several attacks on wind turbines and other renewable energy IoT devices have demonstrated their vulnerability to criminal and nation-state attackers. More generally, the issue of greenwashing has proven to be even more pernicious, leading to a lack of faith in meeting emissions targets.

In both cases, the malicious manipulation of data is a major issue. In the former case, data is attacked to disrupt and destroy the capacity for renewable generation. In the latter case, the concern is that corporate entities are faking data such as the generation or consumption of green electrons to greenwash operations. Both contribute to carbon emissions continuing at a pace that is rapidly making the earth an uncomfortable home for humankind.

For society to track and systematically reduce carbon emissions in a data-driven, accountable manner, trusted systems, and trust in the data they produce, are essential.

Clean Energy Attacks

On February 24th, 2022, at approximately the same time Russian forces invaded Ukraine, Enercon, a German wind turbine manufacturer, was attacked through the Viasat network, and 5,800 turbines were taken down, as reported by Fortune magazine. These turbines provide 10 gigawatts powering over 7.5 million homes. [1], [2]

This is an obvious disrupting attack. Much more subtle attacks that can be mounted to poison the data operators use to manage and optimize the operation of renewable generation.

Clean Energy Transition

In 2021, the IEA report entitled Net Zero by 2050: A Roadmap for the Global Energy Sector outlined how the global energy system can shift towards net zero. Countries representing 70% of global carbon dioxide (CO2) emissions have pledged to reach net-zero emissions by mid-century or soon after. According to the International Energy Agency (IEA) the share of renewable energy in global electricity generation has already grown to approximately 30% in 2022.

To continue expanding clean energy, we need to focus our attention and collective efforts on all the ways we can decarbonize our economy while balancing the need for energy security and affordability. Smart Buildings, Smart Grids, Electro Mobility, and Distributed Energy Systems are just some examples of technologies that are helping to drive the energy transition.

Digital Transformation in the Renewable Energy Sector

Digitization vs. Digitalization.

If digitization is a conversion of data and processes, digitalization is a transformation of those processes into concrete change. More than just making existing data digital, digitalization embraces the ability of digital technology to collect data to establish trends and make better business decisions.

For example, digitalization tools and platforms help operate renewable energy plants with automated processes for better and more informed decision-making. One way this happens is the energy interconnections they propose form the basis for a more decentralized generation, avoiding isolated ‘energy islands’. These platforms also reduce downtime by offering alerts based on predictive maintenance and anticipating asset maintenance. They can allow a more accurate forecast of weather and market conditions, which helps to maximize renewable production through a deep analysis of all information received in real-time, to be able to make decisions to maintain energy stability to meet demand.

Data trust is at the core and essence of digitalization. Trust is needed in the data systems used to optimize their operations and that the commands sent to equipment are being properly authenticated and authorized. Ultimately, the ability to share sensitive data among disparate parties – regulators, grid operators, energy retailers, and consumers – relies on trust that data is not exposed, manipulated, egressed, or tainted.

Trusting The Data

So, trust in IoT data undoubtedly has a role to play in our clean energy transition. It is necessary to help solve the challenges for energy companies to understand when energy is needed, where it is going to be sent or stored, and exactly how it ends up being used to help improve infrastructure and enable appropriate responses to demand/response curves at peak times. This sounds great, BUT there are some security challenges that need to be overcome.

IoT devices can serve as entry points for attacks that steal sensitive data, transmit false information, take control of a device’s functionality, and even compromise development and manufacturing systems. At the same time, the energy industry is increasingly being targeted by attackers.

Security has been one of the key issues around the digitalization of energy. There have been many energy-related security incidents in the past, such as in (i) 2021, when U.S. clean-power giant Invenergy LLC said it found unauthorized activity on some of its systems. REvil, the group behind this attack, also attacked other companies such as meat giant JBS SA. (ii) Also, in 2021, hackers breached Colonial Pipeline using a compromised password. Investigators suspect hackers got the password from the dark web (iii) Nordex SE and Deutsche Windtechnik AG were also hacked over several months. Enercon GmbH reportedly experienced ‘collateral damage’ from the Viasat hack.

Industry initiatives around the world have focused on creating cyber resilience in critical infrastructure. One initiative is to deliver and manage cryptographically secure device identities to meet critical IoT security needs around authentication, encryption, and code signing. Public key infrastructure (PKI) for IoT operates at a completely different level of scale and complexity from standard enterprise PKI setups. It must be able to handle provisioning of very large numbers of devices—in the order of millions per day. It also requires a more nuanced data structure that contains various types of metadata, authorization statements, multiple cryptographic credentials, and mechanisms to securely manage and update the device’s identity throughout its lifecycle. Operating a secure PKI service requires specialized facilities, secure hardware, and other exacting technologies and processes.

Persistent protection and governance of data must be layered on top of device and network security. Not just for data in transit but also when at rest and in use. The rise of zero-trust network architectures is a solution to a fundamental problem – without persistent data governance while in use and at rest, it doesn’t matter if data is protected in transit. Energy IoT networks need to engender explicit trust in the data they handle. This involves hardening endpoints and protecting data in all of its phases. From its generation at the sensor edge; to transmission to a point of consumption traversing untrusted hubs and networks; to its processing in a protected environment; and ultimately to sending commands to IoT devices at the edge again, energy data must be protected in transit, in use, and in processing.

Authors Bio:

Amandeep Grover – Strategy & Partnerships lead for Qualcomm

Amandeep Grover, MBA, CFA, is Strategy & Partnerships lead for Qualcomm and has over 15 years of experience in the Information Technology industry.  He has spent the 5 years aiding in the development of a comprehensive, strategic growth plan for Qualcomm business units and conducts market research, identifies new business opportunities and develops strategic initiatives and partnerships to drive Qualcomm strategy to exploit those opportunities. He spearheads various strategy development, product development and industry partnership opportunities across the entire mobile ecosystem including security and voice technologies, and engages with Qualcomm’s top management team to develop and drive new future tactics.  He has a Master of Business Administration (M.B.A.), focused in Corporate Finance and Strategy from University of Wisconsin-Madison.

Julian Durand, Vice President of Product Management at Intertrust Technologies

Julian is an accomplished product owner, team leader, and creative inventor with more than 25 years of success in bringing breakthrough products to market at a massive scale. He is a named inventor in Digital Rights Management (DRM), Internet of Things (IoT) and virtual SIM technologies, was the technical lead for the first music phone and pioneered vSIM and IoT businesses at Qualcomm. Julian has also productized SaaS and PaaS offerings in construction telematics, real-time child tracking, and cyber risk data analytics and is currently a CISSP (Certified Information System Security Professional). 


Siemens – Bridging the Energy Divide

IEA – Security of clean energy transition

Atlantic Council – Cybersecurity in energy transition

Telefonica –