11/01/2018 – Infrastructure / Power Grid / Electric / Cyber Attacks / Accenture
Many utilities across the world believe cyber attacks could bring down the electric distribution grid in the next five years, research from Accenture finds. Combined with anticipated risk to both employee and customer safety, and to physical assets, unprepared distribution utilities must act now to improve cyber security capabilities, its experts stress.
Almost two-thirds (63 per cent) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyber attack on electric distribution grids in the next five years. This figure, included in Accenture’s new report ‘Outsmarting Grid Security Threats’ – part of the Digitally Enabled Grid research programme – rises to 76 per cent for North American utilities executives.
The survey of more than 100 utilities executives from over 20 countries revealed interruptions to the power supply from cyber attacks is the most serious concern, cited by 57 per cent of respondents. Just as worrying is the physical threat to the distribution grid. Some 53 per cent of executives cite employee and/or customer safety, and 43 per cent of executives cite the destruction of physical assets, as their biggest concerns.
“As highly sophisticated, weaponised malware is being developed, a greater risk to distribution businesses arises from cyber criminals and others who would use it for malicious purposes,” said Stephanie Jamison, Managing Director at Accenture Transmission and Distribution. “Attacks on industrial control systems could disrupt grid reliability, and the safety and well-being of employees and the public. Not getting it right could be a brand killer, as well as a real threat for a country and the community.”
While the increased connectivity of industrial control systems enabled by the smart grid will drive significant benefits in the form of safety, productivity, improved quality of service and operational efficiency, 88 per cent of those surveyed agreed that cyber security is a major concern in smart grid deployment. Distribution utilities are also increasingly exposed by the growth of connected Internet of Things (IoT) domestic devices, such as connected home hubs and smart appliances. These bring a new risk to distribution companies – one that is hard to quantify, with 77 per cent of utilities executives suggesting IoT as a potential threat to cyber security.
In Asia Pacific and Europe, cyber criminals are seen as the biggest risk for distribution businesses by almost a third of respondents. However, in North America, attacks by governments are considered a bigger risk than in regions worldwide (32 per cent).
“Deployment of the smart grid could open new attack vectors if cyber security is not a core component of the design,” continued Mr Jamison. “However, the smart grid can also bring sophisticated protection to assets that were previously vulnerable through improved situational awareness and control of the grid.”
Developing a resilient delivery system
A significant number of distribution utilities have much to do in developing a robust cyber response capability, with more than four in 10 respondents claiming cyber security risks were not (or were only partially) integrated into their broader risk management processes.
In addition, the increasing convergence of physical and cyber threats requires the development of capabilities that go well beyond simple security-related national compliance requirements. Utilities must invest in resilience of their smart grid, as well as effective response and recovery capabilities.
Proper protection is challenging due to the complexity of distribution electric grids and increasingly sophisticated, well-funded attackers – and many distribution utilities are still under-protected and under-prepared. Only six per cent of those surveyed said that they felt extremely well-prepared and less than half (48 per cent) considered themselves well-prepared when it came to restoring normal grid operations following a cyber attack.
“Cybersecurity must become a core competency in the industry by protecting the entire value chain and the extended ecosystem end-to-end. Utilities – already well-versed in reliable power delivery and power restoration – need an agile and swift capability that creates and leverages situational awareness, and that can quickly react and intervene to protect the grid,” said Jim Guinn, the Managing Director who leads Accenture’s security practice for resources industries. “Developing this new capability will require on-going innovation, a practical approach to scaling, and collaboration with partners to drive the most value.”
Building and scaling cyber defence
While there is no single path forward, there are some moves that any distribution business should consider to strengthen resilience and response to cyber attack. These include integrating resilience into asset and process design, including cyber and physical security; sharing intelligence and information as a critical activity that could help create situational awareness of the latest threat landscape and how to prepare accordingly; and developing security and emergency management governance models.
For more information on how distribution utilities can effectively manage cyber security, access Accenture’s new report, ‘Outsmarting Grid Security Threats’ here: www.accenture.com/us-en/insight-utilities-outsmart-grid-cybersecurity-threats