This special interest group supports professionals who are involved in the critical mission of restoring service, business continuity and effective emergency preparedness in gas and electric utilities. 

3,755 Members


How Prepared Are Utilities to Respond to Cyberattacks?

Utilities are well equipped to respond to power outages resulting from equipment failures, usage spikes, and natural disasters. But, what about the increasingly real threat of a cyberattack? Unlike other types of threats, cyberattacks are designed specifically to knock out power to large numbers of homes, businesses, and institutions.

An Extreme Threat

In a recent Forbes article, Constance Douris writes, “A well-constructed cyberattack against the grid might not do as much physical damage as bombs, but it would likely be highly effective at cutting off electricity to hospitals, banks, factories and other critical assets.”

Given persistent attempts by foreign actors to breach the security of U.S. utilities, the reality of such an attack is becoming more likely all the time. “Duke Energy, one of the largest power companies in the nation…reported more than 650 million attempted cyberattacks in 2017 alone,” notes Rebecca Kern, writing for Bloomberg BNA.

More chilling still, according to Arthur H. House writing for the Washington Post, “The effect of an attack on utility distribution systems could be similar to a major natural disaster — except we know when natural disasters end. Hurricanes do not return to strike a second or third time. And they do not replicate themselves in other parts of the country.”

Yet, despite all these factors, “only 6 per cent of utility executives feel extremely well-prepared when it comes to restoring normal grid operations following a cyberattack,” according to Scott Foster, writing for Power Engineering International.

Need for a Robust Plan

Much of the preparation has been in preventing such a crisis, rather than developing a plan to address one. But, a successful cyberattack, especially one that targets multiple locations, could be catastrophic. George H. Baker and Stephen Volandt, writing for Domestic Preparedness, point out that an extended power outage could impact “multiple critical infrastructures,” including water supply and wastewater treatment, telecommunications, the internet, food production and delivery, fuel production and distribution, financial systems, transportation, government, healthcare facilities, and more.

As scary as these outcomes may be, utilities must prepare for the possibility of cyber defenses breaking down, just as they do for weather emergencies. Baker and Volandt explain, “Although there may be unforeseeable points of failure, cascading effects, and barriers to recovery, plans can still be made for prevention, mitigation, adaptation, and recovery. Imperfect plans, thoughtfully developed, are far better than no plan at all.”

Utilities — in conjunction with governmental and other agencies — must create a foundation for responding to such an eventuality. “Just as a coordinated response between industry and government is critical during natural disasters,” writes Jaclyn Brandt for Daily Energy Insider, “the same is true for preparing for and responding to cyber and physical threats to the grid…. Reflecting the need to further cement those partnerships, both the Department of Energy (DOE) and the Department of Homeland Security (DHS) launched new cyber divisions this year that will focus on coordinating efforts between government and the private sector to protect the nation’s critical infrastructure.”

Even with such preparation in place, write Baker and Volandt, “If there were a prolonged nationwide, multi-week or multi-month power failure, neither the federal government or any state, local, tribal, or territorial government — acting alone or in concert — would be able to execute an effective response…. Consequently, it is vital that citizens, households, communities, businesses, and governments be as informed and prepared as possible.”

Does your utility have a cyberattack recovery plan in place? Please share in the comments.

Image Credit: ID 101913622 © LagartoFilm | 

Karen Marcus's picture

Thank Karen for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.


No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »