How Prepared Are Utilities to Respond to Cyberattacks?
- December 14, 2018
- 422 views
Utilities are well equipped to respond to power outages resulting from equipment failures, usage spikes, and natural disasters. But, what about the increasingly real threat of a cyberattack? Unlike other types of threats, cyberattacks are designed specifically to knock out power to large numbers of homes, businesses, and institutions.
An Extreme Threat
In a recent Forbes article, Constance Douris writes, “A well-constructed cyberattack against the grid might not do as much physical damage as bombs, but it would likely be highly effective at cutting off electricity to hospitals, banks, factories and other critical assets.”
Given persistent attempts by foreign actors to breach the security of U.S. utilities, the reality of such an attack is becoming more likely all the time. “Duke Energy, one of the largest power companies in the nation…reported more than 650 million attempted cyberattacks in 2017 alone,” notes Rebecca Kern, writing for Bloomberg BNA.
More chilling still, according to Arthur H. House writing for the Washington Post, “The effect of an attack on utility distribution systems could be similar to a major natural disaster — except we know when natural disasters end. Hurricanes do not return to strike a second or third time. And they do not replicate themselves in other parts of the country.”
Yet, despite all these factors, “only 6 per cent of utility executives feel extremely well-prepared when it comes to restoring normal grid operations following a cyberattack,” according to Scott Foster, writing for Power Engineering International.
Need for a Robust Plan
Much of the preparation has been in preventing such a crisis, rather than developing a plan to address one. But, a successful cyberattack, especially one that targets multiple locations, could be catastrophic. George H. Baker and Stephen Volandt, writing for Domestic Preparedness, point out that an extended power outage could impact “multiple critical infrastructures,” including water supply and wastewater treatment, telecommunications, the internet, food production and delivery, fuel production and distribution, financial systems, transportation, government, healthcare facilities, and more.
As scary as these outcomes may be, utilities must prepare for the possibility of cyber defenses breaking down, just as they do for weather emergencies. Baker and Volandt explain, “Although there may be unforeseeable points of failure, cascading effects, and barriers to recovery, plans can still be made for prevention, mitigation, adaptation, and recovery. Imperfect plans, thoughtfully developed, are far better than no plan at all.”
Utilities — in conjunction with governmental and other agencies — must create a foundation for responding to such an eventuality. “Just as a coordinated response between industry and government is critical during natural disasters,” writes Jaclyn Brandt for Daily Energy Insider, “the same is true for preparing for and responding to cyber and physical threats to the grid…. Reflecting the need to further cement those partnerships, both the Department of Energy (DOE) and the Department of Homeland Security (DHS) launched new cyber divisions this year that will focus on coordinating efforts between government and the private sector to protect the nation’s critical infrastructure.”
Even with such preparation in place, write Baker and Volandt, “If there were a prolonged nationwide, multi-week or multi-month power failure, neither the federal government or any state, local, tribal, or territorial government — acting alone or in concert — would be able to execute an effective response…. Consequently, it is vital that citizens, households, communities, businesses, and governments be as informed and prepared as possible.”
Does your utility have a cyberattack recovery plan in place? Please share in the comments.
Image Credit: ID 101913622 © LagartoFilm | Dreamstime.com