<p>Combining traditional oil infrastructure with distributed renewable energy resources (DERs), including critical grid-edge assets like electric vehicle (EV) charging infrastructure that link transportation and power systems, has created hybrid energy systems that are more connected and digitally complex. These systems integrate legacy operational technologies (OT), such as SCADA, with decentralized, IoT-enabled assets that often rely on cloud-based analytics and remote connectivity. This conjunction introduces cybersecurity risks by linking historically isolated OT environments to modern, internet-exposed components, creating more entry points, inconsistent security baselines, and new attack surfaces. The resulting vulnerabilities extend beyond traditional IT-centric threat models. Conventional cybersecurity strategies, which prioritize technical controls in isolation, often fail to address systemic risks stemming from institutional fragmentation, regulatory gaps, and third-party dependencies. This study introduces a Socio-Technical Resilience Framework grounded in the Systems-Theoretic Accident Model and Processes (STAMP) and Socio-Technical Systems (STS) theory to access and mitigate cyber risks in hybrid grids. Through comparative case studies of the Colonial Pipeline ransomware event and cyber disruptions in European DER infrastructure, the paper finds that fragmented coordination, isolated threat intelligence, and weak human-system integration significantly amplify cyber impacts that undermine static, perimeter-based defense models. The study contributes a layered framework for cyber resilience that operates across three domains: (1) technical (via zero-trust architecture and distributed anomaly detection), (2) organizational (through shared situational awareness and cognitive decision-support tools), and (3) governance (by leveraging federated threat intelligence and regulatory harmonization). This multi-domain approach enhances both operational flexibility and long-term sustainability. Ultimately, the paper demonstrates that enduring cyber resilience in hybrid energy systems requires more than patching vulnerabilities. It demands a systemic rethinking of control, coordination, and design. The framework and findings offer a forward-looking roadmap for securing the energy sector against evolving threats in an era of distributed complexity.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A socio-technical framework for cyber-resilience in hybrid oil-renewable energy grids

  • Bryan Anderson,
  • Gahangir Hossain

摘要

Combining traditional oil infrastructure with distributed renewable energy resources (DERs), including critical grid-edge assets like electric vehicle (EV) charging infrastructure that link transportation and power systems, has created hybrid energy systems that are more connected and digitally complex. These systems integrate legacy operational technologies (OT), such as SCADA, with decentralized, IoT-enabled assets that often rely on cloud-based analytics and remote connectivity. This conjunction introduces cybersecurity risks by linking historically isolated OT environments to modern, internet-exposed components, creating more entry points, inconsistent security baselines, and new attack surfaces. The resulting vulnerabilities extend beyond traditional IT-centric threat models. Conventional cybersecurity strategies, which prioritize technical controls in isolation, often fail to address systemic risks stemming from institutional fragmentation, regulatory gaps, and third-party dependencies. This study introduces a Socio-Technical Resilience Framework grounded in the Systems-Theoretic Accident Model and Processes (STAMP) and Socio-Technical Systems (STS) theory to access and mitigate cyber risks in hybrid grids. Through comparative case studies of the Colonial Pipeline ransomware event and cyber disruptions in European DER infrastructure, the paper finds that fragmented coordination, isolated threat intelligence, and weak human-system integration significantly amplify cyber impacts that undermine static, perimeter-based defense models. The study contributes a layered framework for cyber resilience that operates across three domains: (1) technical (via zero-trust architecture and distributed anomaly detection), (2) organizational (through shared situational awareness and cognitive decision-support tools), and (3) governance (by leveraging federated threat intelligence and regulatory harmonization). This multi-domain approach enhances both operational flexibility and long-term sustainability. Ultimately, the paper demonstrates that enduring cyber resilience in hybrid energy systems requires more than patching vulnerabilities. It demands a systemic rethinking of control, coordination, and design. The framework and findings offer a forward-looking roadmap for securing the energy sector against evolving threats in an era of distributed complexity.