Energy utility executives believe a crippling cyber attack is likely in next five years, Accenture study finds.
As the energy sector becomes more digitalised and an Internet of Things (IoT) takes shape, the threat of cyber attacks continues to grow.
A new survey from Accenture has revealed that now, almost two-thirds of utility executives globally believe that their country faces at least a moderate risk of electricity supply interruption from a cyber attack on the distribution grids in the next five years.
The good news is that a majority of them claim to be at a state of preparedness that would enable them to weather such an attack by restoring normal network operation.
The survey involving more than 100 utilities executives from over 20 countries revealed that interruptions to power supply from cyber attacks is the greatest concern.
Other top concerns, cited by more than half of the respondents, are employee and/or customer safety and the theft of customer or employee data, while the least, cited by fewer than a third, are ransoming and defacement of company websites.
When it comes to who might be behind a cyber attack, organised groups of hackers and governments are considered both the greatest risk as well as having the largest growing risk profiles in the past year.
However, these perceptions also vary by region. For example, in Europe and Asia Pacific, cyber criminals are seen as the biggest risk for distribution businesses, while in North America, attacks by governments are considered the bigger risk.
The survey found that fewer than 40% of organisations are at or near the highest level of either cyber resilience or response readiness.
However, more than 50% felt they are well or extremely well prepared to respond to a cyber attack causing a service interruption, with another almost 40% being moderately prepared. These numbers vary greatly by region with well and extremely well preparednesses of 47% in Asia Pacific, 57% in North America and 70% in Europe (though this latter figure is based on a limited sample and may not be reflective of the region as a whole).
Overall, just 9% reported poor or very poor preparedness with limited focus on cyber attack specific restoration.
While the findings of the survey are encouraging in revealing industry confidence in the cybersecurity measures in place, there is clearly more that needs to be done. Many distribution utilities still have some way to go in developing a robust cyber response, according to the report.
The survey found that the main single action that would make the greatest impact is improved threat identification and sharing across the industry.
A clearer understanding of the operational technology implications for cybersecurity also is regarded as an important action.
Accenture points out that there is no single path forward but there are some moves any distribution business should consider to strengthen resilience and response to cyber attacks.
These include investigating a platform approach to cybersecurity capabilities and integrating resilience into asset and process design. Another is the sharing of threat information.
The others are to develop security and emergency management governance models and to develop relationships with regional security officials and cyber response experts.
“Cybersecurity must become a core competency in the industry by protecting the entire value chain and the extended ecosystem end-to-end,” says said Jim Guinn, Managing Director who leads Accenture’s security practice for resources industries.
“Utilities need an agile and swift capability that creates and leverages situational awareness, and that can quickly react and intervene to protect the grid. Developing this new capability will require ongoing innovation, a practical approach to scaling and collaboration with partners to drive the most value.”