Energy Communities and Cyber Security

Energy communities are based on local networks, connected by smart technology. This raises questions about potential security risks. What do we need to consider?

Energy communities allow energy to be shared locally across property boundaries. Smart energy communities can make a decisive contribution to ensuring that their members are less reliant on external energy. They are thus less dependent on fluctuating market prices.

Electricity Grid and Smart Meters

From a technical perspective, energy communities are billing constructs. In the vast majority of cases, the physical conditions of the electricity grid into which their members feed energy do not change. For example, anyone who operates their own photovoltaic system that feeds energy into the electricity grid, will also continue to feed energy into the grid as a member of an energy community. The difference, however, is that an energy company no longer bills the electricity generated. It is also offered locally to other members of the energy community – and billed at the energy community’s tariff. Smart meters made that possible. These meters can do far more than the electricity meters of the past. They do not only connect to the electricity grid, but also to the Internet of Things (IoT). But does networked and digital technology also create security risks when billing electricity?

The simple answer is yes – because wherever digital networking takes place and where organisations transfer data, there are risks and the need to think about cybersecurity.

Smart devices and security

Leonhard Esterbauer is a researcher at the interoperability of energy communities at the Vienna University of Technology. He explains the digital security risks for energy communities in an interview with the cybersecurity platform of the Austrian Center for Secure Information Technology. He states that “The networking of smart devices in the home or in company buildings naturally brings with it security-related problems. One of the most serious problems is when someone gains unauthorized access to my devices.” He gives the following advice to members of energy communities: “As everywhere on the Internet, it is important to check which of my data is processed, where and how.

As a general rule, a service should only collect the data that it actually needs for its operation. In addition, you should always question why the service needs to collect the date or send it somewhere. Dubious cloud devices are a negative example of this, and one should generally question the use of such devices. You should therefore only engage service providers that already have a good reputation. Otherwise you should have built up trust through independent checks.”

Policy and frameworks

Introducing: the Renewable Energy Directive (2018/2001/EU) of the European Union. It created the regulations and the binding framework for the establishment and operation of energy communities. And it led to a veritable boom in energy communities in many European countries. The scientific debate on the specific safety aspects of energy communities is developing slowly.

A 2023 research paper by a team of researchers led by Giovanni Gaggero from the University of Genoa, Italy, takes a concrete look at the new security risks posed by energy communities. The researchers analyzed architectures and protocols commonly used to build Smart Energy Communities, evaluating possible vulnerabilities. Their paper discusses solutions which society can employ to mitigate the risk, and highlights current gaps in the state of the art. They conclude: “Further work has to be done, in particular on the evaluation of the impact of potential attacks the distribution power grid.

In particular, the possibility that the platforms represent a single point of failure for compromising the distribution grid remains an open issue.” And in fact,  research on the particular security aspects of energy communities is happening. And a two-year research project at the university in Linköping, Sweden, which set-out in November 2023, focuses on developing new security methods for cloud-based energy systems. It also aims to develop new collaboration models that take into account the possibility of stakeholders to contribute to cyber security as well as market conditions in the context of energy communities.