The latest Accenture survey of more than 100 utilities executives from over 20 countries on Smart Grids’ cyber risk reveals an alarming overview of the situation. The analysis focuses on the security that has to be implemented in power distribution systems. More intelligent and connected, the power networks are more vulnerable than ever before. As cyber attacks proliferate, infrastructures are assessing the possible risks and determining the most effective cyber security solutions.
Cyber security: a major concern
Power grids today face a real threat, as they are prime targets for cyber criminals. Indeed, attacks on SCADA systems, for example, can have worrying consequences: blackouts, economic and commercial damage, impacts on customer and employee safety, data theft and so on.
According to the Accenture study, Europe has a 50% chance of seeing the networks of its energy industries attacked within 5 years, causing supply chain disruptions. We know full well that this kind of threat is possible. The malware that hit the Ukrainian electricity grid in December 2015 is a perfect example.
These networks are more vulnerable than ever. To tackle this issue, electricity providers must react quickly to protect their infrastructure and ensure electricity supply, which is essential to the economy and society. Their strategy is twofold: develop their digital capabilities and reinforce their cyber security.
Distribution utilities are exposed!
The energy transition and smart grid deployment raise many challenges in terms of industrial cyber security. The step-up in digital connectivity (production, distribution and consumption are interconnected) and the growth of IoT (which facilitates remote control, observation and control of the entire value chain) increase ICS vulnerability and bring new risks.
Indeed, an attack affecting a critical node can endanger grid reliability and cause a complete system failure. Cybercriminals and nation-state attacks are seen as the biggest risks by distribution businesses (representing about 60% of the potential attackers).
The integration of IT with OT and the growth of IoT are new attack vectors for cyber hackers. 68% of European utilities executives suggest IoT is a potential threat to cyber security.
Other risks require greater scrutiny: access and authentication to devices and systems as well as suppliers of hardware and services.
A truly agile cyber security policy and management still need to be set up.
4 Moves to build and scale cyber defense
Power grids are more efficient with new “smart” technologies. Paradoxically, these technologies can also make the network more vulnerable to cyber attacks. This awareness forces CISOs to take further action. Only 38% of these organizations have a cyber-response plan and 37% a cyber-incident recovery plan. More than 40% of respondents said that cybersecurity risks were not, or only partially, integrated into their broader risk management processes. The two main concerns over cyber security attacks are interruption to the power supply and employee/customer safety.
Halting advanced and highly sophisticated threats requires advanced cyber security technologies, including, for example, Security Information and Event Management (SIEM) solutions, whitelisting solutions, hardware virtualization, intrusion detection solutions and secured interfaces between IT and OT.
Although a distribution business cannot defend itself against all cyber attacks, monitoring and prevention solutions can reduce the risk to an acceptable level:
- Securing from the design stage involves taking cyber security aspects into account in the specification and implementing a security and emergency management governance model. Designing and building resilient systems, in which security is embedded at the earliest stage, is key.
- Resilience is a real challenge but crucial for these utilities. They need to recognize when a supply disruption is caused by a cyber attack and quickly react/intervene to protect the grid. It is essential to be prepared and plan your response to incidents. According to Accenture, Europe is the best prepared to restore normal network operation after an attack compared to the rest of the world.
- Training and risk awareness are important actions. This involves educating staff, recruiting cyber security experts and following the guides and regulations of national security agencies.
- Finally, CISOs must share their expertise and experience. According to the study, 32% of electricity distributors believe that a better identification of threats and sharing information across the industry would have the greatest impact on their cyber security capability.
In conclusion, the information flows created by the exchange of data between sensors, tools, stations and production systems are prime targets for hackers. The hyper-connected plant must have effective cyber security systems that are able to detect cyber attacks before the damage affects the effective operation of critical industries.