Understanding the Future of Distribution Cybersecurity for Utilities

Cybersecurity attacks are in the news—across all industries, every single day. No market segment is perhaps more at risk than electric utilities, and the effects of a widespread outage would potentially be devastating.

When attackers target the grid, their aim is often to disable communication and infrastructure over large areas. Not all successful attacks result in an outage; many are designed to gather information or establish capabilities that could later trigger a grid disruption. The electric utility industry is working to guard against future cybersecurity threats, but will the current course of action provide the protection needed?

Cyber Investments for Utilities

With cyberattacks becoming more frequent and sophisticated, one would hope critical infrastructure is leading the charge with cutting-edge cybersecurity defenses. However, utilities find it difficult to protect their distribution grids, let alone be leading-edge, without a quantifiable way to justify the investment required to build a strong cyber defense. 

Cost justification comes from a risk-management process that helps decision-makers determine which investments are best for the business. Utilities typically identify overgrown vegetation and wildlife as primary reliability concerns because there is a well-known, longstanding causal relationship and cost associated with them. However, utilities often find it difficult to justify and pay for a cyber-defense strategy when a cyberattack has yet to severely affect their business. They know they could become a victim at some point, but they can't say when and to what extent.

Utilities have a robust understanding of electricity delivery and have a successful history of providing reliable power. We also know utilities weren’t built with cybersecurity in mind, and retrofitting systems to achieve the appropriate level of cybersecurity protection will be no easy task. As we continue to modernize the grid, we are creating new opportunities for information and control, but we are also increasing our cyber vulnerabilities. Unfortunately, digital security has not kept pace with digitization of the grid. Building a comprehensive security system will be one of the greatest challenges utilities face in this decade.

Besides protecting their internal business systems, utilities have the added challenge of protecting their operational networks and field devices. This equipment comes from a variety of suppliers with differing or no cybersecurity features. This can make it difficult to build a cohesive defense because a secure system is only as strong as its weakest link. If one piece of equipment lacks the necessary security protocols, it puts the entire system at risk.

Lawmakers, energy regulators, and investors are all involved in conversations about utility cybersecurity, but recommendations and regulations are not comprehensive and don't always align with each other. While government and regulatory cybersecurity criteria have evolved over the last few years, there is considerable room for improvement. More importantly, there is a need for alignment across all parties.

What is the Future of Cybersecurity?

There are many predictions about the future of cybersecurity, but the one that will certainly hold true is that cybersecurity attacks will get worse before they get better. Even as new solutions are adopted, bad actors will find new ways to adapt. Utilities will need to be empowered to respond flexibly, meeting critical standards while remaining free to embrace new security solutions as they become necessary. The longer the industry waits, the greater the risk becomes. What do you think the future of cybersecurity will bring to the industry?

Expert

Darrell Massie

Publication Date

January 23, 2020