Electric utilities’ ability to embrace the rapid technology innovations that are disrupting other industries is coming to a head. The advancement of home area networks, electric vehicles and the internet of things (IoT) has created a need for consumer usage analytics that exceeds the utilities’ capability. Even more concerning, are the wasted dollars and hours on building IT infrastructure insufficient to defend against today’s threats, let alone tomorrow’s.

In response to this challenging environment, the Federal Energy Regulatory Commission (FERC) in February asked whether electric producers and their customers would benefit by moving to cloud and virtualization technologies – the innovations that are already disrupting other industries.  From our standpoint the answer is a clear yes – so long as it’s done right.  We believe cloud is safe and can, if architected correctly, provide a platform for secure innovation in utility operating environments.   

You read that right. Cloud offers the electric utilities less cost and less risk, along with more innovation, resilience, and security.

Let’s talk money first. As of 2018, utilities’ average annual spend on IT infrastructure was $624 million. Based on Accenture's experience, moving to cloud could result in $70 million to $168 million in annual savings.

That said, saving money doesn’t matter unless it comes with improved resilience and cybersecurity, and when it comes to both, utilities try to defend themselves by building higher walls. However, that solution doesn’t scale and is outdated.  The Department of Homeland Security has been warning utility executives since at least 2014 that U.S. adversaries have been targeting them and Russian hackers still broke into “hundreds of victims” in 2017.  The threat environment is only getting worse—exponentially.  But while they have made significant strides, the utilities’ fundamental strategy should change.

The many advantages of cloud
  • Demand management: Electricity CIOs work hard to prepare for the few times each year when they hit max capacity.  Perhaps cloud’s best trait is its ability to scale up and down so utilities should never be unprepared for demand spikes; 
  • Simulation modeling: Cloud can help utilities model resilience to simulate the impact of natural hazards and cyber threats in ways never-before possible (i.e., native distributed denial of service attack prevention in a cloud content delivery network);
  • A virtual toolkit: Utilities can tap into unlimited computing power, memory, analytics, and modeling tools to understand, experiment and deliver new products and services with unprecedented speed—creating the potential for a long overdue industry modernization.
  • Advanced capabilities: Customers will see increased uptime and resilience because cloud can help utilities employ geographic redundancy and backups, deploy patches at scale, test upgrades through “sandboxing,” and leverage robotic process automation, machine learning and heuristic data mining.
  • Greater savings: All these benefits come with decreased costs, as noted above.  
Build but don’t break

To help achieve expected savings, utilities’ need to embrace new technologies such as cloud at scale and at pace.  These benefits must be carefully weighed against the industry’s necessary demands for high-bandwidth, low-latency, and high-availability system requirements. To successfully achieve this balance, we recommend prioritizing four main tenets: 

  1. Any adoption of cloud services must maintain or enhance the industry’s culture of safety, security, and reliability. Technology is neutral—it’s how we apply it that counts.  Those who believe that this culture leaves no room for innovation are incorrect.  If you aren’t moving forward, you are moving backwards.
  2. It will likely be necessary to create logical separation between control and data acquisition systems, based on virtual electronic security zones.
  3. Cloud and virtualization systems must enhance performance without introducing intermittent risks, which could increase latency and possibly decrease availability.
  4. The industry’s current diversity of design is an advantage. Moving to a cloud and/or virtual paradigm will require careful design consideration to not simplify the problem for an adversary.
The limitations of current regulations

Keeping pace with this dynamic paradigm shift in technology requires the continuous evolution of the North American Electricity Reliability Corporation Critical Infrastructure Protection (NERC CIP) Reliability Standards, giving utilities access to, for example, blockchain authentication of autonomous identity and access management (IAM), the industrial internet of things (IIoT) validation, edge computing, and device-to-device communications. 

The world is moving fast

Certainly, the use of cloud and virtualization technologies entails risk, but our experience indicates the greater risk is the status quo. The upshot: Spending time and money to raise floors and install pipes for IT equipment should not be a priority. Utilities should let a trusted entity do that so they can focus on providing efficient and resilient service. Those electric utilities that act now to seize the opportunity to adopt new technologies for their customers open new opportunities to reduce costs and risk—while enhancing resiliency and security.

Accenture Security

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

This document makes descriptive reference to trademarks that may be owned by others. The use of such trademarks herein is not an assertion of ownership of such trademarks by Accenture and is not intended to represent or imply the existence of an association between Accenture and the lawful owners of such trademarks.

The reproduction and distribution of this material is forbidden without express written permission from Accenture. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this document. This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.

Jim Guinn

Managing Director – Accenture Security, Strategy & Consulting Lead

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog