Strengthening the cybersecurity of the power grid

Published Mar 15, 2023 · Updated Apr 3, 2024

Cybersecurity in the energy industry is vital to protect the power grid Image: iStock

Related Centres:

Listen to the article

In 2018, the World Economic Forum launched an initiative to improve the cyber resilience of the global electricity infrastructure.
11 founding member have launched a new phase of the initiative in March 2023, aimed at establishing an independent, multistakeholder community to collaborate and take collective action to protect the power grid.
Centre for Cybersecurity, published a comprehensive strategy to address a request for information on cybersecurity regulatory harmonization and reciprocity by the US White House Office of the National Cyber Director.

The impact of cybersecurity in the energy industry.

Cyber resilience is a challenge for organizations globally and for the electricity industry in particular. Power systems are among the most complex and critical of all infrastructure types and act as the backbone of economic activity.

Large-scale incidents such as blackouts can have socio-economic ramifications for households, businesses and vital institutions. For example, a six-hour winter blackout in mainland France could result in damages totalling over €1.5 billion ($1.7 billion).

In 2018, the World Economic Forum Centre for Cybersecurity launched the Systems of Cyber Resilience: Electricity initiative. This groundbreaking effort helped bolster the cyber resilience of the global electricity infrastructure by bringing together leaders from over 60 businesses, governments, civil society, and academia. The objective was to develop a comprehensive cybersecurity vision to protect the power infrastructure.

Following the success of the first phase, the World Economic Forum and 11 founding members – Dragos, EDP, Enel, Hitachi Energy, Iberdrola, Naturgy, Ørsted, Schneider Electric, Siemens Energy, Southern and Vestas – have launched a new iteration of the initiative in March 2023. The objective is to establish an independent, multistakeholder community that will continue to collaborate and take collective action. The community will serve as a global exchange platform for cybersecurity leaders in the electricity sector.

“

"In this increasingly complex technological ecosystem and sophisticated threat landscape, we need global collaboration mechanisms between the utilities and with our technology partners. This initiative provides a unique platform to foster meaningful discussions that lead to actionable goals to enhance ecosystem wide resiliency."

”

— Rosa Kariger, Global Security Governance & Intelligence, Iberdrola

The secretariat for the Systems of Cyber Resilience: Electricity initiative will be hosted by the World Economic Forum until 2026, with the support of the 11 Founding Members.

“

"This initiative provides a forum for global electric companies and premiere industry partners to take the lead in driving increased maturity and capability to address cyber threats all nations are facing."

”

— Tom Wilson, Chief Information Security Officer, Southern Company

Have you read?

“

"It is a great opportunity to create a collaborative environment, focused on increasing global cyber resilience, based on the sharing of information, on the development of common initiatives, on the definition of principles and the alignment around them by the main actors of our industry."

”

— Jesús Sánchez, Head of Global Cybersecurity, Naturgy.

What are the challenges of cybersecurity in the energy industry?

The unprecedented pace of technological change driven by the Fourth Industrial Revolution means that health, transport, communication, production and distribution systems will demand rapidly increasing energy resources to support global digitalization and the advancement of interconnected devices.

Digitalization is driving growth and innovation in the electricity industry and has tremendous potential to deliver shareholder, customer and environmental value. However, new technologies and business models affecting operating assets present both opportunities and risks.

In the past, managing these risks had only meant dealing with issues such as component failure or weather damages, while today’s resilience plans must consider cybersecurity-related threats.

“

"Cybersecurity threats to safe and reliable electricity for our communities continue to increase. We continuously support our customers and partners in advancing a sustainable energy future for all. It is paramount that suppliers, asset owners and operators work together with cyber resilience in focus to ensure a sustainable, flexible and secure energy system."

”

— Joe Doetzl, Head of Cybersecurity, Hitachi Energy

Our approach to strengthening cybersecurity in the energy industry.

In 2023, the United States White House Office of the National Cyber Director, as part of the United States National Cybersecurity Strategy, requested information on cybersecurity regulatory harmonization and reciprocity.

In response, the Forum's Systems of Cyber Resilience: Electricity Initiative community, supported by Centre for Cybersecurity, developed a comprehensive strategy. This strategy, detailed in the Response to the White House’s Request on Harmonizing Cybersecurity Regulations paper, addresses the international section of this request. The objective is to promote ecosystem-wide cyber resilience and interoperability, acknowledging the need for a cohesive and unified approach to cybersecurity regulation that transcends national boundaries.

In a separate effort, in 2021, following a request from the European Commission (EC) Energy Directorate, the initiative also developed a collection of 15 lessons learned and recommendations for improvement on the new EC Cybersecurity Directive considering the implications of supply chain attacks and other systemic risks for cybersecurity in the energy industry.

Ecosystem of cybersecurity in the energy industry Image: European Commission

Since its launch he initiative has launched a series of reports to guide chief executives and board members in meeting the unique challenges of managing cyber risks:

“

"A robust and resilient electricity grid is the foundation for a low carbon future, managing the cyber risks is key to that and it’s a challenge that must be tackled together. We are proud to work alongside those organisations that are key to delivering electricity, to find a better way forward in addressing these risks globally."

”

— Philip Tonkin, Senior Director of Strategy, Dragos

How can you get involved?

“

"With governments and businesses accelerating the drive toward low-carbon economies, this year marks a unique opportunity to build resilience into the energy transition by design. Weathering future threats will be much easier and more affordable if the electricity sector as a community can take collective actions for cyber defense. We are stronger together."

”

— Leo Simonovich, Vice President and Global Head, Industrial Cyber, Siemens Energy

The Cyber Resilience in the Electricity Industry initiative is designed to continue enhancing cybersecurity in the energy industry.

Electricity utility companies, technology and equipment manufacturers, energy services providers, private organizations, policy makers, regulators, associations, universities, technical institutions, and experts are invited to join this initiative and bring their expertise to collaborate and strengthen the cyber resilience of the global electricity infrastructure.

JOIN THE FORUM

Join us today and help shape a better future

Get involved