New Study Finds Utilities Feeling Unprepared for Cyberattacks

Cyber attacks pose a clear threat to electric power systems – but many firms feel exposed

Computing and the internet have transformed utilities companies. Inexpensive and easy-to-deploy devices make monitoring the electrical grid far easier, enabling power plants to operate more efficiently. Smart meters cut back on labor costs and give users better information about their electricity use.

When disasters strike, information gained from a connected grid helps coordinate service restoration, leading to less downtime. Other utility companies benefit from easier communication and more automation. All of these advances, however, present a potential risk: Cyberattacks.

The Threat From IoT

Accenture’s new report, Outsmarting Grid Security Threats, was based on input from more than 100 utilities executives spanning more than 20 countries. Nearly two-third, 63 percent, stated a belief that their country was of at least moderate risk of power interruptions due to cyberattacks. When asked about smart grids, 88 percent called cybersecurity a major concern. The survey also asked about the Internet of Things, which is nearly universally cited as a critical tool for making the most of smart grids. Seventy-seven percent of respondents claimed the IoT was a potential threat to grid security.

Accenture’s report found a shocking lack of readiness (infographic: Accenture)

Opinions differed based on geography. In the United States, 32 percent of respondents viewed attacks from foreign governments to be the biggest cybersecurity thread. In Europe and Asia Pacific, nearly one-third of respondents pointed to attacks from criminal groups as being the largest threat.

Some of the finding point to clear problems within companies. Of those surveyed, nearly 40 percent noted that cybersecurity risks were, at most, only partially integrated into their broader risk management processes. Only six percent of respondents felt they were extremely prepared for restoring the grid to normal operations. In total, only 48 percent felt prepared to restore normal grid operations.

Also a matter of concern is the increasing convergence of cyber and physical systems. One of the key benefits of bringing tech to the electrical grid is abstracting the process, which allows managers and others to get concise and manageable overviews of their operations. This tighter integration, however, creates more vectors of attacks while increasing the damage that can be done.

Jim Guinn, managing director of Accenture’s security practice believes the need to innovate requires  “a practical approach to scaling, and collaboration.”

Cybersecurity must become a core competency in the industry by protecting the entire value chain and the extended ecosystem end-to-end. Utilities, already well-versed in reliable power delivery and power restoration, need an agile and swift capability that creates and leverages situational awareness, and that can quickly react and intervene to protect the grid.

Preparing for cyberattacks will require a multi-faceted approach, according to Accenture. Integrating resilience into process and asset design is critical for laying a strong foundation for other security practices. It’s also important for companies to work together; creating a platform for communicating with other companies about threat risks, for example, can help keep the grid as a whole in better condition. An important action companies can take immediately is to place an emphasis on creating governing models for security and emergency management.