Coupled with anticipated risk to employee and customer safety and physical assets, unprepared distribution utilities must act now to improve cybersecurity capabilities
According to a global survey by Accenture, almost two-thirds (63 percent) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyberattack on electric distribution grids in the next five years. This figure, included in Accenture’s (NYSE: ACN) new report, Outsmarting Grid Security Threats, part of the Digitally Enabled Grid research program, rises to 66 percent for Asia Pacific utilities executives.
The survey of more than 100 utilities executives from over 20 countries revealed interruptions to the power supply from cyberattacks is the most serious concern, cited by 57 percent of global respondents. Just as worrying is the physical threat to the distribution grid. Fifty-three percent of global executives cite employee and/or customer safety and 43 percent cite the destruction of physical assets as their biggest concerns.
Sandeep Dutta, Managing Director and Lead, Resources, Accenture in India said, “Cyber Security is a critical, universal issue. Supported by the National Smart Grid mission, distribution companies across India are on the road to digitization. As they ramp up, it is important that they consider the potential perils to their networks and to their customers, and embed cyber security as a core component of the design.”
While the increased connectivity of industrial control systems enabled by the smart grid will drive significant benefits in the form of safety, productivity, improved quality of service and operational efficiency, 88 percent globally agreed that cybersecurity is a major concern in smart grid deployment.
Distribution utilities are also increasingly exposed by the growth of connected Internet of Things (IoT) domestic devices, such as connected home hubs and smart appliances. These bring a new risk to distribution companies, which is hard to quantify, with 78 percent of Asia Pacific utilities executives suggesting IoT as a potential threat to cybersecurity.A third of the respondents in Asia Pacific also consider cyber criminals as the biggest risk for distribution businesses.
Utilities must improve cybersecurity capabilities and develop a resilient delivery system
A significant number of distribution utilities have much to do in developing a robust cyber response capability with more than four in 10 respondents claiming cybersecurity risks were not, or were only partially integrated, into their broader risk management processes.
In addition, the increasing convergence of physical and cyber threats requires the development of capabilities that go well beyond simple security-related national compliance requirements. Utilities must invest in resilience of their smart grid as well as effective response and recovery capabilities.
Proper protection is challenging due to the complexity of distribution electric grids and increasingly sophisticated, well-funded attackers, and many distribution utilities are still under-protected and under-prepared. Only 3 percent of the Asia Pacific utilities felt extremely well-prepared and 44 percent well-prepared, when it came to restoring normal grid operations following a cyberattack.
“Cyber Security needs an ongoing focus, and distribution utilities in India need to build competencies that help protect the entire value chain – innovation, training of people and eco-system collaboration will be key,” Dutta added.
Moves to build and scale cyber defence
While there is no single path forward, there are some moves any distribution business should consider to strengthen resilience and response to cyberattack, such as:
- Integrate resilience into asset and process design, including cyber and physical security,
- Share intelligence and information as a critical activity that could help create situational awareness of the latest threat landscape and how to prepare accordingly, and,
- Develop security and emergency management governance models.