Coupled with anticipated risk to employee and customer safety and physical assets, unprepared distribution utilities must act now to improve cybersecurity capabilities
NEW YORK Oct. 4, 2017 – Almost two-thirds (63 percent) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyberattack on electric distribution grids in the next five years. This figure, included in Accenture’s (NYSE: ACN) new report, Outsmarting Grid Security Threats, part of the Digitally Enabled Grid research program, rises to 76 percent for North American utilities executives.
The survey of more than 100 utilities executives from over 20 countries revealed interruptions to the power supply from cyberattacks is the most serious concern, cited by 57 percent of respondents. Just as worrying is the physical threat to the distribution grid. Fifty-three percent of executives cite employee and/or customer safety and 43 percent of executives cite the destruction of physical assets as their biggest concerns.
“As highly sophisticated, weaponized malware is being developed, a greater risk to distribution businesses arises from cyber criminals and others who would use it for malicious purposes,” said Stephanie Jamison, managing director, Accenture Transmission and Distribution. “Attacks on industrial control systems could disrupt grid reliability and the safety and well-being of employees and the public. Not getting it right could be a brand killer, as well as a real threat for a country and the community.”
While the increased connectivity of industrial control systems enabled by the smart grid will drive significant benefits in the form of safety, productivity, improved quality of service and operational efficiency, 88 percent agreed that cybersecurity is a major concern in smart grid deployment. Distribution utilities are also increasingly exposed by the growth of connected Internet of Things (IoT) domestic devices, such as connected home hubs and smart appliances. These bring a new risk to distribution companies, which is hard to quantify, with 77 percent of utilities executives suggesting IoT as a potential threat to cybersecurity.
In Asia Pacific and Europe, cyber criminals are seen as the biggest risk for distribution businesses by almost a third of respondents. However, in North America, attacks by governments are considered a bigger risk than in regions worldwide (32 percent).
“Deployment of the smart grid could open new attack vectors if cybersecurity is not a core component of the design,” added Jamison. “However, the smart grid can also bring sophisticated protection to assets that were previously vulnerable through improved situational awareness and control of the grid.”
Utilities must improve cybersecurity capabilities and develop a resilient delivery system
A significant number of distribution utilities have much to do in developing a robust cyber response capability with more than four in 10 respondents claiming cybersecurity risks were not, or were only partially integrated, into their broader risk management processes.
In addition, the increasing convergence of physical and cyber threats requires the development of capabilities that go well beyond simple security-related national compliance requirements. Utilities must invest in resilience of their smart grid as well as effective response and recovery capabilities.
Proper protection is challenging due to the complexity of distribution electric grids and increasingly sophisticated, well-funded attackers, and many distribution utilities are still under-protected and under-prepared. Only 6 percent felt extremely well-prepared and 48 percent well-prepared, when it came to restoring normal grid operations following a cyberattack.
Moves to build and scale cyber defense
While there is no single path forward, there are some moves any distribution business should consider to strengthen resilience and response to cyberattack, such as:
- Integrate resilience into asset and process design, including cyber and physical security,
- Share intelligence and information as a critical activity that could help create situational awareness of the latest threat landscape and how to prepare accordingly, and,
- Develop security and emergency management governance models.
Accenture’s annual Digitally Enabled Grid research program evaluates the implications and opportunities of an increasingly digital grid. The 2017 research included interviews with more than 100 utility executives from over 20 countries. The executives interviewed were those involved in the decision-making process for smart grid-related matters. The countries represented included Australia, Belgium, Brazil, Canada, China, Germany, Italy, Japan, Malaysia, the Netherlands, Norway, Philippines, Portugal, Saudi Arabia, South Africa, Spain, Switzerland, Thailand, the United Arab Emirates, the United Kingdom and the United States.
Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions – underpinned by the world’s largest delivery network – Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 425,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organizations’ valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
+1 281 900 9089
+44 755 784 9009