The power and utilities (P&U) sector is going through one of the most transformative stages since its inception. Behaviors are shifting, governments and consumers alike are demanding cleaner energy, and evolving technologies drive a more decentralized and increasingly digital model. How utilities succeed in making the transition will depend on how effectively they manage their most important risks.
Given that by 2021 the global cost of cybersecurity breaches across all sectors will reach US$6 trillion, cyber threats are a critical area of focus.
According to our Risk Pulse survey, utilities rank business interruption from cyber attack, storms and catastrophic events as the most important risk today and in a future energy world. But security risks are constantly evolving, as the attack surface keeps getting larger across physical assets, digital infrastructure and business processes. It is becoming increasingly challenging for utilities to map the digital environment in which they operate and their interactions with it.
Connected devices that can collect vast amounts of personal data (e.g., smart meters) and the rise of the Internet of Things (IoT) add to the complexity of managing security across the transforming P&U ecosystem. Legacy systems that were designed to operate in internal segregated or closed networks are increasingly interfacing and converging with IP-based networks to improve efficiencies in administration and monitoring.
This ever-expanding digital ecosystem with potentially millions of networked access points, is exposing utilities to more sophisticated and frequent cyber attacks, which have the potential to disrupt critical infrastructure and breach customer and employee privacy. Governments around the world have moral obligations to provide access to power and clean water, and utilities are tasked with fulfilling these obligations. Yet, they cannot do so if they leave themselves, and the critical infrastructure they manage, open to attack.
Utilities are particularly attractive targets for highly sophisticated state-sponsored actors in politically unstable regions looking to gain a political or monetary advantage. Hacker group Dragonfly 2.0 is an excellent example. A leading security firm recently warned that state-linked hackers were gaining access to US and European power grid operations — to the point where they could produce power blackouts anytime they wanted.