Blockchain and the Energy Sector

Richard Shandross, Associate Director, Navigant Consulting

Richard Shandross, Associate Director, Navigant Consulting

It’s an odd thing – but not unusual – to see energy industry CEOs, strategists, journalists, and consultants be excited about a data structure (i.e., blockchain). Apparently, for many people blockchain serves as a proxy for disruptive innovation and a source of hope for massive energy sector transformation. Even so, on blockchain conference panels one can hear talk of the Gartner Hype Cycle and warnings of blockchain being “a hammer in search of a nail.” So, is blockchain a great disruptor or a great deceiver? Given how immature the technology is at the moment, this question is a bit like asking whether a precocious toddler will grow up to be a great scientist or a bank robber.

After much consideration, the energy industry seems to be converging on several best-fit uses for blockchain in these early days:

• To provide provenance. A typical application is a Renewable Energy Credit (REC) market.
• To reduce market friction. Projects include wholesale energy markets, billing, and energy supplier registration.
• For asset trading. Blockchains that allow tokens and other smart contract constructs permit users to trade a variety of assets, including power grid flexibility, renewable energy, and electric vehicle charger access.

Common to all of the above is the need for multiple parties to coordinate in an environment of no or limited trust. The blockchain itself is the trusted authority of the system.

Currently, energy sector blockchain efforts are pilots and proof-of-concept projects. Case studies documenting benefits that are clearly attributable to the use of blockchain are virtually nonexistent. Like the precocious child, we don't yet know what blockchain will offer to the energy space. For blockchain’s potential to be realized, we need to think about this toddler’s developmental needs.

"Whether the data be valid or not, blockchain inputs and outputs are vulnerable at the interface between the chain and the external world"

Validation and Custody Issues

Most cryptocurrencies based on blockchain (e.g., Bitcoin) have an advantage over non-currency applications in that their asset of interest is born, lives, and dies on the blockchain. Any node in the system can validate and trace the asset over its entire life to ensure that it’s valid and has not been double-spent. The blockchain provides strong integrity in this case.

On the other hand, energy applications will largely involve assets that exist independently of the blockchain, such as kilowatt-hours of energy. The tracking or trading benefits of blockchain will only accrue when information is placed on the chain via a transaction. Note that information and state documentation (about decisions, ownership, etc.) are also external assets in this sense. Algorithms can only validate data to the extent that such validity can be checked by observable properties of the data and the transaction stream.

Thus, the provenance, validity, and value of external assets cannot be determined or protected using only a blockchain, no matter how immutable its data: garbage in means garbage on (the chain) and garbage out. Sadly, the common understanding of blockchain benefits has yet to include this fact. To reach blockchain’s full potential, solutions need to ensure the integrity of both the input and output data streams in addition to the protection of the blockchain itself.

Vulnerabilities: Interfacial, External, and Internal

Whether the data be valid or not, blockchain inputs and outputs are vulnerable at the interface between the chain and the external world. In the public cryptocurrency domain, there are numerous documented breaches of user wallets and crypto exchanges. Fortunately, the permissioned enterprise blockchains that will comprise most energy sector solutions will generally have a smaller attack surface – but permissioning access does not completely solve the problem.

External vulnerabilities are also a concern. A number of attacks have been documented by researchers, and some have even occurred with public blockchains in the wild. Private blockchains are more vulnerable than public systems to malware issues, having fewer participants and a system that’s likely to push updates to them. The Asus “Shadow Hammer” hack is a powerful caution to energy blockchain developers.

Even internal vulnerabilities are concerning. One such type is design flaws, such as the Ethereum smart-contract DAO theft and the recently found issue grounding the Swiss voting blockchain. Even a well-designed system could be abused by malicious actors, for example by an upload of company-proprietary information to metadata fields. One cryptocurrency was found to have links to child pornography on the chain, and another had actual encoded images. Energy blockchains may have more limited participation, but mal-intent can exist anywhere.

Some energy blockchains will have a feature that solutions in many other sectors will lack: monitoring and/or control of power-grid or other equipment. Developers of energy solutions must be particularly careful in designing products in which a breach or abuse could: (a) reveal sensitive information about the grid or its customers or, just as worrisome, (b) provide a bad actor the opportunity to control equipment that could harm people and property.

Hacks of energy blockchain systems are not yet an issue because the technology is new, the systems have not been rolled out or scaled up, and there is not (yet)a significant value to them. All of that will change as the technology matures.

Engagement Choices

In light of the high potential and low maturity of blockchain, how should an enterprise engage with the technology? That depends on the organization’s goals, resources, and risk tolerance. Here are some current stances that energy organizations are taking:

• Ignore blockchain. This is not advisable, but currently, it can be hard to argue against this tactic.
• Wait until the technology is mature and the benefits and risks are proven. Measure this approach in years.
• Dive in headlong. This can range from major test projects to betting the farm. It’s a must for most solution developers.
• Follow developments but be cautious, preparing for rapid ramp-up if a high-upside, low-downside opportunity appears.

In all but the first approach, engaging with blockchain should be accompanied by a sound due diligence approach. Be sure that it covers benefits, system and business process compatibility, verification that the solution will behave as advertised, and a vulnerability assessment.

Read Also

Embracing the Next Generation of Asset Security with AI and IoT

Embracing the Next Generation of Asset Security with AI and IoT

Matthieu Le Taillandier, General Manager for Western Europe at STANLEY Security, now part of Securitas
What Exactly is Non-Financial Risk?

What Exactly is Non-Financial Risk?

Gus Ortega, Head of Operational Risk Management at Voya Financial
#Keeping It REAL With Your Security Vendors#

#Keeping It REAL With Your Security Vendors#

Robert Pace, VP/CISO, Invitation Homes
Security For IT/OT Convergence

Security For IT/OT Convergence

Christopher Nichols, Director OT/ IT Resiliency & Support, Stanley Black & Decker
Security Architecture In Theory And In Practice: Why Security Should Be Considered Among The Main Pillars Of The Organization's Enterprise Architectur

Security Architecture In Theory And In Practice: Why Security...

Marco Morana, Head of Security Architecture,JPMorgan Chase & Co.
Fighting Fraud is a Combination of Effective Preventive Systems, Use of Skillful Staff and Employee Awareness

Fighting Fraud is a Combination of Effective Preventive Systems,...

Kim Siren, Head of Fraud Management at OP Financial Group