• Cyberthreats to utility companies are becoming more severe.
  • A new survey suggests 54% of utilities expect a cyberattack in 2020.
  • Strategic collaboration is the key to an effective industry response.

For companies pushing the bounds of innovation in the utility industry, information technology (IT) has increasingly acted as its eyes and ears, leveraging big data, advanced analytics and cloud computing to provide an understanding of real-time operating environments in fleets that may stretch tens or even hundreds of miles.

Utilities also use IT to control and balance operational technology (OT) – like distributed wind, solar and energy-storage assets with centralized power generation – to reduce emissions, improve efficiency and reduce costs for customers. The digitalization of OT assets for global utilities has opened seemingly endless opportunities. However, it has also exposed the vulnerability of critical infrastructure to cyberattacks.

A recently released cybersecurity report by Siemens and the Ponemon Institute explores this risk. It found that cyberthreats to utilities’ OT are growing more severe and sophisticated. It also assesses the industry’s readiness to address future attacks and puts forward solutions to help the industry secure critical infrastructure.

Clearly, the threat isn’t on the horizon. It’s already on the doorstep. Fifty-four percent of the 1,726 utility professionals surveyed — representing electric utilities around the world with gas, solar and wind portfolios, as well as water utilities — expect at least one cyberattack on critical infrastructure within the next year. A slightly larger majority reported experiences with a shutdown or loss of operational data annually.

As the survey results show, attacks on critical infrastructure are a current and growing threat
As the survey results show, attacks on critical infrastructure are a current and growing threat
Image: Siemens

Utilities are facing a perfect storm. Just as the industry is undergoing a digital transformation to modernize legacy equipment, prepare for a more distributed energy landscape with greater renewable integration, and protect customers against disruptions in service, cyberattacks have the potential to cause severe financial, environmental and infrastructure damage. But that shouldn’t deter efforts to realize the possibilities offered by the Fourth Industrial Revolution, including making investments to transform the sector that will bring power to the world and reduce emissions.

The troubling results in this report should instead drive utility industry executives, managers and security professionals alike to hold the necessary discussions that will lead to productive action for the safety and security of companies and our critical infrastructure. By identifying tough pain points and vulnerabilities, we can build awareness and share best practices to eliminate them.

And it’s apparent more must be done. Less than one-third of survey respondents assessed their readiness as ‘high’ if faced with containing a breach. Smaller organizations, in particular, were among those most deeply concerned with their cybersecurity capabilities. Across the industry, recruiting the right personnel and going beyond required compliance to adopt risk-based strategies is necessary to respond to an evolving threat environment.

A lack of trained personnel is hampering response times
A lack of trained personnel is hampering response times
Image: Siemens

The frameworks that the report outlines are a helpful and vital starting point for meeting current challenges. They emphasize the importance of utilities thoroughly knowing their systems and what they’re doing. That includes identifying how their systems are connected and employing professionals with the skills to strengthen and maintain those systems’ defenses.

The report also recommends the need for fortified systems and a ready response strategy if an attack is detected. Specifically, the adoption of digital tools like AI and big-data analytics can offer an effective way to enhance detection capabilities. In addition, it’s essential for utilities to devote specific leadership attention to OT security so that awareness is amplified and capabilities to thwart attacks continue to evolve.

This work is just beginning, but the arena in which we will fight the cyberattacks on our utilities is coming into clearer focus. With strategic and collaborative action – and honest discussion and assessment – we can meet risks with readiness and resiliency, giving utilities more confidence and peace of mind that their OT and IT components are well protected.

Leo Simonovich is part of the World Economic Forum’s ‘Systems of Cyber Resilience: Electricity’ community.

Cybersecurity

What is the World Economic Forum doing about making our electricity ecosystem cyber resilient?

Cyber resilience is a challenge for organizations globally, but particularly for the electricity industry. Power systems are among the most complex and critical of all infrastructures and act as the backbone of economic activity.

The unprecedented pace of technological change driven by the Fourth Industrial Revolution means that our systems of health, transport, communication, production and distribution will demand rapidly increasing energy resources to support global digitalization and advancement of interconnected devices.

Our Platforms for Shaping the Future of Cybersecurity and Digital Trust and Shaping the Future of Energy and Materials have pioneered a Systems of Cyber Resilience: Electricity Initiative, which brings together leaders from more than 50 businesses, governments, civil society and academia, each with their own perspective, to collaborate and develop a clear and coherent cybersecurity vision for the electricity industry.

Our Systems of Cyber Resilience: Electricity project is designed to enhance cyber resilience across the electricity ecosystem. To join our platforms and bring your cyber resilience expertise to drive this or similar initiatives, contact us or read more in our Impact Story.