This is how we avoid a true nightmare scenario

In 2014, a friend of mine left his car on a frozen highway clogged with thousands of stuck vehicles, walked miles to get warm and ended up spending the night sleeping on a bag of bird seed in a grocery store. Many others were stuck in offices, cars, stores and schools overnight, shivering, hungry and helpless.

That's what can happen when an unexpected event shuts down a city. In this case, it was my hometown of Atlanta, hit by a glaze of ice and snow that paralyzed roads and wiped-out power grids. One of the most infamous weather events in the South’s history, the so-called “Snowmageddon” left us in a state of complete chaos and total panic.

Think what it could be like if a cyberattack knocks out power in a metropolitan area. No heat or air conditioning. No water. No way to pump gasoline. Food shortages, or no way but cash to pay for food even if stores were open. No mobile service—completely disrupting communication. No internet. No ATMs. Everything we expect on a day-to-day basis, gone.

At least weather events can be forecasted, to a degree. There will be no such warning when a major disruptive cyber event arrives.

The good news

This is why the recently adopted federal grid infrastructure and resiliency provisions are a good idea. The recently enacted $1.2 trillion infrastructure bill, enacted on a bipartisan basis, includes provisions to improve security for the electrical and water grids. It will mandate that utilities identify and mitigate cyber risks and provides funding to states to get the job done. It will also help accelerate responses, when an attack does occur.

Bravo. To me at least, power and water are even more important than roads and bridges. It's good to see that the federal government's heart is in the right place. But now the questions are, "What exactly does the Act mean and where does everybody—utilities, states, and others with vital interests in helping to protect the grid, including Accenture—go from here?”

The short answer is, we move forward

One part of the Infrastructure Investment and Jobs Act provides $600 million in grants to improve grid cybersecurity and ensure it will be built in, fully embedded, into any new programs from the get-go. Among multiple initiatives, it includes smaller electric utilities with fewer resources, and authorizes something called the Energy Cyber Sense program—a voluntary initiative that enables the private sector to test the cybersecurity of products and technologies intended for use in the bulk-power system.

Additionally, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) will receive about $100 million to create a Cybersecurity Response and Recovery Fund, to assist agencies and companies when it declares a "significant" cyber incident. The bill also includes several other initiatives including $1 billion in state and local grants to improve their cybersecurity practices.

The time is now

The first entities that apply for grants are the most likely to get the money they need. In addition, we know cyber criminals are doing the best they can, every day, to penetrate the defenses of power and water utilities. The sooner we can fortify those defenses, the better.

Now is the time to become more resilient—to make sure all our communities are safer from disruptive cyber events that could cause a multi-day, total shutdown. I've seen personally what an event can do in my hometown from weather alone. A disruptive cyber event could be far worse. These federal government investments reflect our collective recognition of the problem and commitment to address them. Now we have to turn those commitments into meaningful resilience.

Don't go it alone

Let's all work together—states, the federal government, utilities, and private organizations, including those with expertise in cybersecurity—to become more resilient. It's a national security issue and a human health issue.

Accenture Security helps organizations build resilience from the inside out so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture helps organizations protect their valuable assets, end-to-end. With services that include strategy and risk management, cyber defence, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.

Copyright © 2021 Accenture. All rights reserved.