Hackers are causing blackouts. It’s time to boost our cyber resilience


This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges, which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised, leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware caused a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks, especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity-specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed and collective situational awareness are still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics: strategies which deal with cyber risks as systematically as other business risks, and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.
