We need workforce development for cybersecurity in the energy sector

As we move through this new chapter in our country’s history, it is obvious that we need to be prepared for all forms of crisis scenarios and to pay renewed attention to resilient systems — and developing the trained workforce that understands and can manage them.

The threat of cyberattacks on physical infrastructure, such as the electric grid, network of oil and gas pipelines, and economy at large is a real concern in our contemporary world. Recent research states that cyberattacks will cost approximately $6 trillion annually by 2021.

The positive trends of digitalization, decentralization, and decarbonization are transforming the U.S. electric energy system, but that’s also creating new challenges in protection, control, and operation of the system. For example, microgrids, rise of prosumers (i.e., entities that both produce and consume electricity), and the inherently distributed nature of renewable energy sources in general increases the number of access points for would-be hackers.   

However, our nation has a growing shortfall of trained experts in cybersecurity, particularly those who understand industrial control systems and physical infrastructure like electric grids.

In North America, 66 percent of cybersecurity professionals believe that there are currently too few workers in their departments, and unfilled cybersecurity jobs are expected to reach over 4 million worldwide by 2021. This has been attributed to low numbers of qualified personnel throughout the country. Cybersecurity job postings have been up 74 percent over the past five years, and of those jobs, cybersecurity engineers are some of the highest-paid positions, making $140K annually on average.

As Congress considers various proposals as part of larger stimulus funding discussions, we believe that funding should be put in place for a regional network of university-based centers to perform advanced R&D, develop a trained, globally competitive workforce and the underpinning educational programs and resources to guarantee the U.S. workforce remains adaptable to these threats on cyber physical systems. These centers should be distributed regionally across the country in order to address each region’s distinctive characteristics, and to partner with regional utilities, national labs, regulatory and policy bodies, and coordinate closely with relevant federal agencies, such as DOE and DHS.  

These regional centers could elevate the quality and quantity of human capital resources who would understand the convergent challenges of clean, reliable electric power, industrial control systems, and cybersecurity under a nationally coordinated program. 

The security of networked critical infrastructure has never been more critical. This is particularly true for the U.S. electric grid due to the evolving generation mix and the increase in both the probability and severity of cyber threats — whether private-, state- or terrorist-funded. It is time to aggressively kickstart programs to develop the human capital to protect our industrial infrastructure from cyberattacks. 

Dr. Tim Lieuwen holds the David S. Lewis, Jr. Chair and is the executive director of the Strategic Energy Institute at Georgia Tech and the Chief Technology Officer of TurbineLogic. A 2018 inductee into the National Academy of Engineering, Dr. Lieuwen has authored or edited four combustion books, including the textbook Unsteady Combustor Physics. 

Dr. Wenke Lee is John P. Imlay, Jr., Chair of Software and professor of computer science in the College of Computing at Georgia Tech, where he has taught since 2001. He also serves as executive director of the Institute for Information Security & Privacy (IISP) and is responsible for leading Georgia Tech’s cybersecurity research and education.

Raheem Beyah serves as Georgia Tech’s Vice President for Interdisciplinary Research, Executive Director of the Online Masters of Cybersecurity program (OMS Cybersecurity), Co-Founder Fortiphyd Logic and is the Motorola Foundation Professor in the School of Electrical and Computer Engineering.