Blockchain and the Energy Sector

Richard Shandross, Associate Director, Navigant Consulting

It’s an odd thing – but not unusual – to see energy industry CEOs, strategists, journalists, and consultants be excited about a data structure (i.e., blockchain). Apparently, for many people blockchain serves as a proxy for disruptive innovation and a source of hope for massive energy sector transformation. Even so, on blockchain conference panels one can hear talk of the Gartner Hype Cycle and warnings of blockchain being “a hammer in search of a nail.” So, is blockchain a great disruptor or a great deceiver? Given how immature the technology is at the moment, this question is a bit like asking whether a precocious toddler will grow up to be a great scientist or a bank robber.

After much consideration, the energy industry seems to be converging on several best-fit uses for blockchain in these early days:

• To provide provenance. A typical application is a Renewable Energy Credit (REC) market.
• To reduce market friction. Projects include wholesale energy markets, billing, and energy supplier registration.
• For asset trading. Blockchains that allow tokens and other smart contract constructs permit users to trade a variety of assets, including power grid flexibility, renewable energy, and electric vehicle charger access.

Common to all of the above is the need for multiple parties to coordinate in an environment of no or limited trust. The blockchain itself is the trusted authority of the system.

Currently, energy sector blockchain efforts are pilots and proof-of-concept projects. Case studies documenting benefits that are clearly attributable to the use of blockchain are virtually nonexistent. As with the precocious child, we don't yet know what blockchain will offer to the energy space. For blockchain’s potential to be realized, we need to think about this toddler’s developmental needs.

Validation and Custody Issues

Most cryptocurrencies based on blockchain (e.g., Bitcoin) have an advantage over non-currency applications in that their asset of interest is born, lives, and dies on the blockchain. Any node in the system can validate and trace the asset over its entire life to ensure that it’s valid and has not been double-spent. The blockchain provides strong integrity in this case.

On the other hand, energy applications will largely involve assets that exist independently of the blockchain, such as kilowatt-hours of energy. The tracking or trading benefits of blockchain will only accrue when information is placed on the chain via a transaction. Note that information and state documentation (about decisions, ownership, etc.) are also external assets in this sense. Algorithms can only validate data to the extent that such validity can be checked by observable properties of the data and the transaction stream.

Thus, the provenance, validity, and value of external assets cannot be determined or protected using only a blockchain, no matter how immutable its data: garbage in means garbage on (the chain) and garbage out. Sadly, the common understanding of blockchain benefits has yet to include this fact. To reach blockchain’s full potential, solutions need to ensure the integrity of both the input and output data streams in addition to the protection of the blockchain itself.
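The gap described above, as an added sketch that is not from the original article: a hash-linked ledger verifies as intact even when one of its kilowatt-hour readings was altered before submission, and only a separate check at the input interface catches it. The meter ID, key, readings, and function names are constructed for illustration, and the HMAC scheme is one assumed way to authenticate inputs.

```python
import hashlib, hmac, json

# Constructed per-meter secret, provisioned out of band (assumption for this sketch).
METER_KEYS = {"meter-17": b"constructed-demo-key-17"}

def tag(meter_id, kwh, ts, key):
    """MAC the meter computes over its own reading at the point of measurement."""
    msg = json.dumps([meter_id, kwh, ts]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def block_hash(prev, payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + body).hexdigest()

def append(chain, payload):
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def chain_is_intact(chain):
    """All the ledger alone can check: every block links to its predecessor."""
    prev = "0" * 64
    for b in chain:
        if b["prev"] != prev or b["hash"] != block_hash(prev, b["payload"]):
            return False
        prev = b["hash"]
    return True

def input_is_authentic(payload):
    """Check at the chain/world interface: was this reading produced by the meter?"""
    key = METER_KEYS.get(payload.get("meter_id"))
    if key is None or "tag" not in payload:
        return False
    expected = tag(payload["meter_id"], payload["kwh"], payload["ts"], key)
    return hmac.compare_digest(expected, payload["tag"])

def demo():
    honest = {"meter_id": "meter-17", "kwh": 4.2, "ts": 1700000000}
    honest["tag"] = tag("meter-17", 4.2, 1700000000, METER_KEYS["meter-17"])
    inflated = dict(honest, kwh=420.0)  # value altered after measurement
    chain = []
    for p in (honest, inflated):
        append(chain, p)                # the ledger records both without complaint
    return chain_is_intact(chain), [input_is_authentic(b["payload"]) for b in chain]

if __name__ == "__main__":
    print(demo())
```

The MAC only shows that a reading came from a holder of the meter's key; it does not show that the meter measured correctly, so physical tampering still has to be addressed outside the ledger.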

Vulnerabilities: Interfacial, External, and Internal

Whether the data be valid or not, blockchain inputs and outputs are vulnerable at the interface between the chain and the external world. In the public cryptocurrency domain, there are numerous documented breaches of user wallets and crypto exchanges. Fortunately, the permissioned enterprise blockchains that will comprise most energy sector solutions will generally have a smaller attack surface – but permissioning access does not completely solve the problem.

External vulnerabilities are also a concern. A number of attacks have been documented by researchers, and some have even occurred with public blockchains in the wild. Private blockchains are more vulnerable than public systems to malware issues, having fewer participants and a system that’s likely to push updates to them. The Asus “Shadow Hammer” hack is a powerful caution to energy blockchain developers.

Even internal vulnerabilities are concerning. One such type is design flaws, such as those behind the Ethereum smart-contract DAO theft and the recently found issue grounding the Swiss voting blockchain. Even a well-designed system could be abused by malicious actors, for example by an upload of company-proprietary information to metadata fields. One cryptocurrency was found to have links to child pornography on the chain, and another had actual encoded images. Energy blockchains may have more limited participation, but malicious intent can exist anywhere.

Some energy blockchains will have a feature that solutions in many other sectors will lack: monitoring and/or control of power-grid or other equipment. Developers of energy solutions must be particularly careful in designing products in which a breach or abuse could: (a) reveal sensitive information about the grid or its customers or, just as worrisome, (b) provide a bad actor the opportunity to control equipment that could harm people and property.

Hacks of energy blockchain systems are not yet an issue because the technology is new, the systems have not been rolled out or scaled up, and there is not (yet) a significant value to them. All of that will change as the technology matures.

Engagement Choices

In light of the high potential and low maturity of blockchain, how should an enterprise engage with the technology? That depends on the organization’s goals, resources, and risk tolerance. Here are some current stances that energy organizations are taking:

• Ignore blockchain. This is not advisable, but currently, it can be hard to argue against this tactic.
• Wait until the technology is mature and the benefits and risks are proven. Measure this approach in years.
• Dive in headlong. This can range from major test projects to betting the farm. It’s a must for most solution developers.
• Follow developments but be cautious, preparing for rapid ramp-up if a high-upside, low-downside opportunity appears.

In all but the first approach, engaging with blockchain should be accompanied by a sound due diligence approach. Be sure that it covers benefits, system and business process compatibility, verification that the solution will behave as advertised, and a vulnerability assessment.
