Effective infrastructure security for utilities demands a holistic approach, starting now
Across industries, cyber security threats are becoming increasingly focused on the digital sphere. They more commonly take the form of data breaches and malware, and are occurring with alarming regularity in the financial services, retail, technology and even government sectors.
While, to date, utilities have been largely been spared, the risks grow larger with each sensor, storage device and beyond-the-meter application linked to the grid. These digital connections, which make the grid “smart,” also make it more vulnerable.
With so much riding on the security of the grid, utilities need new solutions to defend the grid from bad actors and quickly recover from a physical or digital attack against the network. Utilities with a holistic response at the ready will have a better chance of keeping threats at bay.
Failures and hostile cyber actions have profound impacts on enterprise performance—even enterprise viability. Yet, combined properly, the same technologies that are driving the digital enterprise can enable resilience at a level not possible before. Accenture Strategy research on the intersection of business and technology— and extensive work with enterprises of all sizes and across each major industry—has provided some insight into what it takes to be prepared.
DOWNLOAD THE INFOGRAPHIC [PDF]
57% of Utilities executives surveyed by Accenture Strategy said that their organizations experience significant attacks that test the resilience of their IT systems on a daily or weekly basis.
Yet, only 40% "strongly agree" that their strategy for cyber defense is robust, understood, and fully functional.
Savvy Utilities executives are self-aware, with a realistic sense of their own weak spots—in both information technology (IT) and operational technology (OT).
Only 5% of Utilities executives that Accenture Strategy surveyed stated that they proactively run inward-directed attacks and intentional failures to test their systems on a continuous basis.
And only 26% consistently design resilience parameters into their technology and operating model.
In a perfect world, Utilities companies would have unlimited resources to institute iron-clad security measures while also pursing the business’ growth and innovation agenda.
In fact, 84% of Utilities executives agree that they are faced with a balancing act between risk management and the pursuit of business opportunity.
However, just 43% "strongly agree" that balancing spend-to- protect and spend-to-enable is mature and continuously managed in their enterprise.
Resilience of the enterprise is not limited to enabling technologies. Just ask the CEO, CIO or other members in the C-suite of any enterprise that has suffered a major data breach.
Cause for alarm: Of all the Utilities companies that Accenture Strategy surveyed, only 46% have a continuity plan that is refreshed as needed. Only 51% map and prioritize security, operational, and failure scenarios.
And only 49% have produced threat models for existing and planned business operations.
Embrace a digital ecosystem.
C-suite executives are seeing the advantage of robust digital capabilities and technologies outside the enterprise.
Develop the ability to orchestrate, in real time, the myriad internal and external services required for multi-speed business and IT.
Resilience cannot be added after-the-fact or on a sporadic, discretionary basis. It must be part of the fundamental operating model — ngrained at the outset into objectives, strategies, processes, technologies — and even culture.
Cyber-physical security for the microgrid: New perspectives to protect critical power infrastructure
Microgrids can offer a powerful solution to a range of challenges facing consumers and distribution networks. They can offer resilient power delivery. They can integrate large quantities of renewable generation through highly localized optimization of distributed generation output, demand flexibility and storage assets. And they can potentially deliver an effective approach for smaller, isolated systems in communities with limited connection to the grid or for specific strategic uses such as military bases or hospitals.
But microgrids also create new vulnerabilities. The increased penetration of their monitoring and control capabilities open up the possibilities for cyber security breaches. Mitigating those risks requires four key actions:
Reinforce the microgrid
Complete ongoing assessments of interconnection security controls
Plan and prepare for resilience
Resource the security strategy
READ OUR POINT OF VIEW [PDF]