The Latest News

Keep up-to-date with the latest in  Active Efficiency.

4/9/21 Dan Power, Research and Analysis Intern, Alliance to Save Energy

Cybersecurity in Active Efficiency

Active Efficiency often involves optimizing the interactions between physical devices through greater controls and connectivity, relying on a foundation of advanced metering infrastructure and/or broadband internet. But any time a technology uses the digital world to connect to devices in the physical world, it’s important to consider cybersecurity. Cyber breaches in the energy world can result in power loss, financial damages, customer data exposure, and even physical harm from lack of access to critical services that require power, like medical equipment, heating, and cooling. As energy efficiency steps into the digital age, let’s take a look at some of the major cybersecurity challenges we must consider – and promising solutions.


Nearly all digital technologies bring cybersecurity challenges, and the energy sector is no stranger to cyber-related incidents. In 2016, 20% of all cyber incidents in the United States occurred in the energy sector. With more devices and buildings coming online, hackers are no longer limited to the supply side with utility-level resources as targets, but also have an increasing number of opportunities on the demand side.

A central aspect of Active Efficiency is the transfer of customer energy usage data. While this offers opportunities for households to improve upon their energy savings, such as having a smart thermostat automatically adjust settings to optimize occupants’ comfort and energy consumption, we need to look at the potential risks, too. If energy usage data is compromised, it could be used by hackers to establish behavior patterns and, when combined with general customer information like names and addresses, could present an opportunity for criminal activities like house burglaries. 

As digital technology becomes ubiquitous in the energy sector, we need to ensure potential cyber weak spots are not overlooked so that providers and end users are able to safely enjoy all the many benefits of Active Efficiency.


Establishing widespread, safe, and effective use of the next generation of energy efficiency technologies requires us to address the future cyber needs of the energy space. Educating users of these technologies about the cybersecurity risks and best practices is pivotal. Implementers of Active Efficiency must also examine their current cybersecurity readiness to determine where improvements might be made; for example, building owners might consider upgrading their IT infrastructure. And as policymakers begin to legislate in this space, they could look to other industries like banking, healthcare, and national security where cybersecurity is already at the forefront when establishing requirements for internet-enabled technology in the energy sector. In any case, using internet-enabled devices that have security features incorporated into their design process would be a great first step to safeguarding users.

Steps have already been taken in response to the growing digitalization of everyday life. In December 2020, Congress passed the Internet of Things Cybersecurity Improvement Act of 2020 which requires the National Institute of Standards and Technology (NIST) to develop cybersecurity standards and establish use guidelines for internet-enabled devices managed by agencies of the federal government. Shortly after the law was passed, NIST published draft guidance on requirements for such devices. The guidance includes steps like requiring new devices to have a unique identifier and the ability to receive software patches for updates. These types of actions are critical to getting the most out of Active Efficiency while keeping users safe.

Integrating internet connectivity into physical objects presents an enormous opportunity for energy efficiency. If cyber concerns are properly considered and addressed, connected technologies can have a significant, positive impact advancing energy savings and decarbonization without sacrificing user security or privacy.