Introduction: Ransomware attacks on Hawaiian Electric and how solar and battery storage can help homeowners
Many of us know that the utility grid in the United States is susceptible to power outages. Hawaii has one of the oldest electricity grids in the nation, and recent ransomware attacks have shown that utility companies are suitable to power outages caused by hackers. Solar and batteries provide homeowners in Hawaii and throughout the county the best option for avoiding blackouts during the next hacker attack on your local utility.
When the Colonial Pipeline was held hostage by cyber hackers in May of 2021, at first, most people viewed it as a minor passing story. As the pipeline remained closed for days and panic buying began, it started to become clear to most American's just how susceptible our infrastructure is to ransomware and hackers.
Ransomware attacks have been on the rise over the past decade and have already driven up gas and meat prices. The attacks have gotten so bad that White House officials have specifically mentioned public utilities as especially susceptible to attack. However, it is not just the White House, but one well-respected security firm estimated in 2020, hackers successfully launched around 65,000 ransomware attacks.
Hawaiian Electric (HECO) has been very open about the fact that they have undergone many cyber attacks over the past few years. As a result, HECO allocates a large budget to its cybersecurity and has increased the investment in this department by 20% a year.
If the Colonial Pipeline attack taught us anything, it only takes one mistake to cause massive infrastructure issues. Let's look at what ransomware attacks are, how they could impact the electricity grid in Hawaii and why getting solar and battery backup from Alchemy Solar is the best way for homeowners in Hawaii to protect themselves.
What is ransomware, and how is it being used to target our utilities and infrastructure?
Ransomware is a type of malware that has become the leading weapon with hackers and other computer-based criminals. The objective is to gain entry into an essential operating system or private information of a business, person, governmental agency, or utility.
Bad actors send emails to employees and private citizens that contain links or files that look innocuous. However, if the email recipient clicks on the link or inputs any sensitive information, the hackers could gain control of essential operating systems or banking information.
The rise of ransomware attacks has been attributed to a few factors, but the leading reason is that they are easy to execute. These attacks have proven to be relatively easy because many people, utilities, companies, or governmental agencies have inadequate cybersecurity systems.
Once the hackers have gained access to the victim's information or system, the malware will lock the system so that the owner can not utilize it. Once the system has been locked, the hacker will demand payment in the form of cryptocurrency or gift cards.
Depending on the importance of the system that the hackers have gained access to, the payments requested can be sizable. For example, in the Colonial Pipeline attack, the hackers were paid $5 million.
Once hackers have infiltrated a computer system, they can cripple the infrastructure of a business. In the case of attacks on utilities, the hackers can turn off critical programs essential to the functioning of power plants or grids. One expert said, "In my opinion, the power grid is a nightmare scenario" because of what would happen if a ransomware attack crippled a power company.
Electric Utilities and Cyber Attacks: Why are electric companies a focus for ransomware attacks?
When cybercriminals identify targets for attack ransomware attacks, they are looking for two things, flawed cybersecurity protocol and a high likelihood that the victim will pay the ransom request. For example, when explaining why ransomware attacks have increased on medical providers, one expert explained, "Many high-profile ransomware attacks have occurred in hospitals or other medical organizations, which make tempting targets: attackers know that, with lives literally in the balance, these enterprises are more likely to simply pay a relatively low ransom to make a problem go away." Because of the disruption that power outages cause, this same reasoning also applies to electric utilities.
The US power grid is aging and inefficient. Unfortuenly improvements to the grid have not been made across the country, which also applies to utility cyber defense.
Experts warn that a cyber attack could take control of a power utility system. Once in the utility system, hackers might have the ability to shut off power plants, disrupt safety procedures, or completely shut off the power in a worst-case scenario, leading to massive power outages for utility customers.
The recent power outages in Texas provide a glimpse into what is possible when the electricity grid is compromised. During the storm, 70% of EROCT customers lost power for an average of 48 hours. The power outage caused billions of dollars in damages and lost revenue, and tragically has been blamed for the deaths of 111 Texans.
This type of damage is hard to imagine, but when we think about how reliant our society is on electricity for staying connected to loved ones, our medical system, and business, it is easy to see why a cyberattack on a utility could be so devastating.
Because Hawaii is so isolated and our power grid is especially old, in some ways, it is even more vulnerable compared to other locations.
Hawaiian Electric (HECO) and cyber attacks: What is HECO doing to try and protect itself against the threat of ransomware, and why is ransomware a threat?
Running a utility in the middle of the Pacific Ocean presents some unique challenges for Hawaiin Electric. Unlike utilities on the mainland, because each island has an isolated power grid, HECO cannot pull power from neighboring utilities to stabilize the grid to avoid outages. HECO also has to ship expensive fossil fuel and coal to the islands for processing before it can be used to power Hawaii's Power Plants. Because of these challenges, Hawaii has the highest electricity costs in the nation and is especially susceptible to power outages.
In the past few years, HECO has seen an increase in the number of cyberattacks. In an attempt to protect its business against the dangers of ransomware, HECO invests millions of dollars into cybersecurity and plans to increase its cybersecurity budget by 20% a year.
HECO spokesperson Shannon Tangonan explained that every day HECO is attacked by hackers using ransomware. To protect HECO customers from power outages, HECO has systems that can also be activated to keep the grid operating. These manual systems may not keep the entire grid functioning, but they can help keep the power on some parts of Hawaii.
Besides increasing its investment in cybersecurity, the State is also looking to assist in improving Hawaiin Electric's cybersecurity. For example, GridX, a leading provider of cloud-based computing solutions for utilities, holds conferences for regulated utilities focusing on cybersecurity. Plans are underway to attend this event, with the goal of training and limiting the impact of cyber attacks on HECO.
Hawaiin Electric is an appealing target for cyber attackers not only because of how delicate its power grid is but because it is home to so many military installations. Because of the density of military locations on Oahu and the Outer Islands, it is not just amateur cyber attackers trying to make a quick buck going after HECO but, in some cases, highly trained State-sponsored organizations using ransomware to go after the power grid in Hawaii.
As Tangonan explains, "On Oahu, it's not just about grid security, it's about national security so we take that responsibility to keep the lights on for armed forces really seriously".
What can homeowners in Hawaii do to protect themselves against HECO ransomware-related power outages?
Targeting a victim with a cyberattack is quite simple, even though ransomware itself can be very sophisticated. Whether it is a utility, multinational corporation, or an individual, it usually just takes a click. For Hawaii's homeowners, making the switch over to solar and battery backup is the best way to protect themselves from cyberattacks on Hawaiin Electric.
When people think about adding solar and batteries in Hawaii, they think about the massive savings on an electricity bill and the increased home value that solar provides. The truth is that solar and home batteries provide so much more value than just utility savings.
Affordable solar batteries have changed the way that solar can provide value to homeowners and the utility. Solar batteries can provide backup power at the most basic level if a utility experiences a power outage and allow homeowners to store power to use when it is the most expensive.
The battery backup function is essential if a cyberattack shuts down a power grid. When combined with solar, the Tesla Powerwall 2 and LG Chem RESU 10H can power a home for days. In the case of a ransomware attack on Hawaii's power grid, the ability to keep the lights on, health devices powered, home business running, and families connected to the internet allow the home solar batteries to keep families safe in emergencies.
Solar batteries allow homeowners in Hawaii to protect themselves and help support the power grid in emergencies. In Hawaii and throughout the country, our relationship with Sunrun allows homeowners access to the Brightbox Battery Backup without paying out of pocket. Sunrun allows homeowners to get backup power without an enormous upfront cost giving homeowners flexible solar financing options like a monthly lease, prepaid power purchase agreement, solar financing, or a cash purchase.
On Oahu, Sunrun and HECO have come together on a Grid Service Agreement called Kukui Hele Pō. The program allows HECO to provide Oahu homeowners with compensation in exchange for HECO having the ability to pull small amounts of power from residential solar-powered batteries to support the power grid and limit the power outages.
HECO is already planning on deploying similar programs on Maui and Big Island and, in the future, will utilize Demand Response (DR) programs. A Demand Response in Hawaii could involve a significant incentive to help make batteries even more affordable for homeowners, and in exchange, HECO would be able to use the homeowner's batteries when needed. A Demand Response program could help protect HECO if they are attacked by ransomware or, in the case of a natural disaster, at a much lower cost than building traditional power production facilities.
Conclusion: Ransomware attacks against HECO are increasing. Homeowners can protect themselves with solar panels and home batteries.
Even as utilities like HECO invest more into cybersecurity, the sophistication of cybercriminals is also increasing. All it takes is one mistake by an employee or a breakdown in a cybersecurity system for the stability of Hawaii's electricity grid to be compromised and massive power outages to impact homeowners.
In our modern society, keeping power at home is not just about comfort, but the ability to keep families safe, in contact with emergency services and businesses run from home afloat. The only way to ensure that a home will retain power for multiple days in an emergency ransomware attack situation is by adding solar and batteries to your home. With Sunrun's Brightbox offering, adding solar and battery backup to your home requires no upfront cost and can also help save money on your Hawaiin Electric bill.
If you are interested in learning how to protect yourself against utility cyberattacks with home solar and battery backup, contact Alchemy Solar today for a free consultation.