Cyber resilience is a challenge for organizations globally, but particularly for the electricity industry. Power systems are among the most complex and critical of all infrastructures and act as the backbone of economic activity.
Large-scale incidents such as blackouts would have socio-economic ramifications for households, businesses and vital institutions. For example, a six-hour winter blackout in mainland France alone could result in damages totalling over €1.5 billion ($1.7 billion).
In the past, managing this risk has meant dealing with issues such as component failure or inclement weather via robust mitigation and recovery. Today, however, existing resilience plans in electricity delivery must integrate a carefully designed resilience strategy which considers cybersecurity-related risks.
What's the challenge?
The unprecedented pace of technological change driven by the Fourth Industrial Revolution means that our systems of health, transport, communication, production and distribution will demand rapidly increasing energy resources to support global digitalization and advancement of interconnected devices.
Digitalization is driving growth and innovation in the electricity industry and has tremendous potential to deliver shareholder, customer and environmental value. However, new technologies and business models affecting our operating assets present both opportunities and risk.
Our Centre for Cybersecurity and the Platform for Shaping the Future of Energy and Materials have pioneered a Systems of Cyber Resilience: Electricity Initiative, which brings together leaders from more than 50 businesses, governments, civil society and academia, each with their own perspective, to collaborate and develop a clear and coherent cybersecurity vision for the electricity industry.
Power systems play a key role in society. Protecting the power supply against threats is a means to safeguard prosperity. Joining forces across companies and borders is an important remedy against fast-evolving cyber threats in the energy sector.
The initiative is focused on three pillars:
- Organizational: developing scenarios for industry CISOs and Boards to improve the maturity of cyber resilience culture and governance across the sector
- Regulation: improving the effective implementation of cyber resilience frameworks by fostering a dialogue between policy-makers and businesses to change approaches to new regulations
- Supply chain resilience: improving supply chain resilience by establishing common expectations regarding cybersecurity roles and responsibilities between stakeholders
Among its activities, the Systems of Cyber Resilience: Electricity Initiative released a series of reports to guide CEOs and Boards members meet the unique challenges of managing cyber risk in the electricity ecosystem:
Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards
Read the report
Cyber Resilience in the Electricity Ecosystem: Playbook for Boards and Cybersecurity Officers
Read the report
Only by joining efforts will we be able to face the cybersecurity challenges of increasing digitization and hyper connectivity.