Mitigating the risks of distribution cyber failure
By Sfiso Tshabalala Senior Manager, Accenture (South Africa)
This Paper describes how to mitigate the new and evolving risks of cyber failure in South African distribution systems. South Africa needs to catch-up!
Accenture surveyed more than 100 utility executives from over 20 countries in Accenture’s 2017 “Digitally Enabled Grid” Research Program to identify challenges and opportunities along the path to a smarter grid. Most utilities still operate systems and assets that were designed before the advent of computers, and before the heavy dependence of systems on technology. Accenture research shows that fewer than 40 percent of utilities have “high performance” methods, tools and skills comparable to mitigate the risks of cyber failure due to operational error, program bugs, hardware failure, or cyber-attack. Nearly half the surveyed executives believe that as a cause of cyber failure there is a “moderate” likelihood of a cyber-attack on a distribution utility in their country, in the next five years, resulting in an interruption to the electricity supply. (The survey defined “moderate” as 1-10%). Accenture defines “high performance” in mitigating the risks of cyber failure as having a robust response plan, strong cyber-incident communications, tested plans for the protection and recovery of key assets and the grid, and effective cyber-incident escalation paths.
Distribution grids face major risks from cyber-failure. Distribution grids span a wide range of voltages and degrees of automation, from SCADA-controlled sub-transmission down to passively-run, low-voltage residential feeders. Failure of industrial control systems such as SCADA could result in blackouts, disrupting industry as well as vital services such as transportation and health. The increased connectivity of industrial control systems enabled by the smart grid will drive significant benefits in the form of safety, productivity, improved quality of service and operational efficiency. Without effective risk mitigation in place, the rich information flows carried by the digital grid could be lost (or manipulated by cyber attackers) causing malfunctions, outages, destruction of equipment or even loss of life. And electricity grids are already at risk. The current technology landscape for many utilities features control systems based on old or vulnerable operating systems - commonly without sufficient processing power for effective virus scans, and a lack of encryption or authorization on communications channels. The broader supply chain for the smart grid also requires risk mitigation because purchased hardware or services can provide an easy route into the heart of a distribution business. For example, downloaded software or the hard drives of industrial equipment can contain obsolete versions with system bugs, vulnerabilities or malware. In South Africa Eskom manages its distribution operations by province and also provides wholesale supply to nearly 180 municipalities of varying sizes. Hence our multiple distribution grids (even for Eskom) do not have the size of the transmission network and fortunately not the same risks of cascading failure. However, distribution grids have many of the same vulnerabilities. The distributor back-office systems also hold sensitive residential, billing and banking data. A cyber failure in a distribution grid could have impacts from generation through to consumers, erode public trust and raise questions about the security of all devices along the value chain. There is a fear that greater connectivity could create risks of crippling cyber failure. What do executives fear most? In our survey, the main concerns were:
- Interruption to supply
- Compromised safety
- Proactively identifying at-risk customers, enabling timely corrections
- Misuse of sensitive data of employees or customers
- Interference with billing systems or customer web interfaces.
Developing effective strategies to mitigate risks of distributors against potential cyber failure is an urgent imperative.
SAFEGUARDING THE SOLUTION
In Accenture’s view, the optimal approach is implementation of advanced security for highest-risk, high-value assets or highest-impact customers. Deployment of the smart grid should be a key element in risk mitigation for distribution businesses, offering sophisticated protection to previously vulnerable assets.The smart grid can ultimately provide the visibility and control to improve grid robustness. The smart grid will allow acceptance testing, monitoring, analytics, and appropriate limited access rights to minimise the risk of error or cyber-attack.
However, cybersecurity must become a core industry capability, one that protects the entire value chain end to end. Developing this new capability will require ongoing innovation, a practical approach to scaling and collaboration with partners to drive the most value.
The increasing convergence of risks of physical and cyber failure requires the development of capabilities beyond compliance. Distribution utilities are well-practiced at restoring grids after adverse weather, accidents or asset failure. The challenge is to recognize how to recover from cyber failure. Once the technology is disconnected from the grid, monitoring and operating the systems until the technology is restored is labour-intensive. It requires substation technicians to monitor voltages, qualified linemen to manually operate switches and an increased workload on the system operators. Given the shift from large to lean workforces, this could significantly strain utilities’ capabilities. While the chief information security officers (CISOs) and technologists are largely responsible for protecting against OT failure, it will be the distribution operators and technologists who must cooperate to restore the electrical, OT and IT systems following a cyber failure. Without cooperation, it will take longer to identify, isolate, remediate and recover from a cyber-failure. Utilities should share threats and system “irregularities” internally between grid control, security operations, network operations and beyond. This can be made more effective if IT, OT and system operations are co-located in a security operations centre (SOC) with a monitoring/analytics capability fully integrated into asset operations. The asset operators need to understand the cyber situation of the grid to prevent or respond quickly to a cyber incident. Our survey has shown that many distribution utilities still have some way to go in developing a robust cyber response. More than 40 percent of respondents said that cyber-failure risks were not, or only partially, integrated into their broader risk management processes. Siloed processes could mean new risks and possible mitigation go unidentified or do not receive appropriate senior management scrutiny.
Accenture’s survey identified the need to share information to assist risk recognition across the industry. In South Africa, this would mean that Eskom and municipalities engage effectively so that new risks are identified and managed quickly and effectively. South African history has created many small- and medium-size distribution businesses that lack the resources required to address the risks of cyber-failure. For these businesses, it will be productive to pool resources or look to platform-based models and technology solutions that could help address common cyber-failure challenges without needing to build own internal capability. An agenda for shared approaches might include:
- Sponsorship and budget for a common approach by government, regulator or industry association
- Design for distribution grids to enable response to cyber-failure
- Shared risk information based on likely common threats faced by distribution businesses, and how to prepare accordingly.
- Misuse of sensitive data of employees or customers
- Governance processes for emergency management of cyber-failure
- Readiness of a response team of trouble-shooting experts to help contain, investigate, and manage the consequences of a cyber-failure – with practiced interactions and planned responses.
The risk landscape for cyber-failure is evolving faster than our response capability. We must catch-up.
Contact firstname.lastname@example.org or 072 678 3971