Hackers are causing blackouts. It’s time to boost our cyber resilience

hackers 2019

(Steve Halama, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware cause a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks. Especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed, and collective situational awareness is still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics. Strategies which deal with cyber risks as systematically as other business risks and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Your chocolate can help save the planet. Here’s how

‘Moral obligation and political imperative’ to support Syria on path to peace: Guterres

How digital remittances can help drive sustainable development

Growing up near green space is good for your mental health as an adult

Why growth is now a one way road for Eurozone

Economic sentiment and business climate stagnate in miserable euro area

The European Youth Forum needs better signal for its “call” for Quality Internships

Charles Michel advocates a strong Europe that acts where it can add real value

MEPs back plans to promote water reuse for agricultural irrigation

Idea of ‘homogenous’ Polish culture is a myth: UN human rights expert

Counting unemployment in the EU: The real rate comes to anything between 16.1% and 20.6%

Greener economies and investment to reduce unemployment and increase global growth

Climate change: Direct and indirect impacts on health

Banks promise easing of credit conditions in support of the real economy

EU and India re-open talks over strategic partnership while prepare for a Free Trade Agreement

“Austerity was not the alternative!”, President Hannes Swoboda of the European Socialists and Democrats on another Sting Exclusive

Nagasaki is ‘a global inspiration’ for peace, UN chief says marking 73rd anniversary of atomic bombing

EU budget 2021-2027: Commission calls on leaders to set out a roadmap towards an autumn agreement

How drones can manage the food supply chain and tell you if what you eat is sustainable

The EU invites the US and Russia to partition Ukraine

Summertime Consultation: 84% want Europe to stop changing the clock

Syria war: executions condemned as violence continues ‘on both sides’ of border with Turkey

ECB ready to counter the rise of the euro?

Entrepreneurship and strategic planning: the enabler

This is where people work the longest – and shortest – hours

Financial support for workers affected by no-deal Brexit

Draghi tells the Parliament the ECB to use all its weaponry; euro slides to parity with the dollar

OK computer: why the machine age still needs humans

Clean air is good for business

MEP Cristiana Muscardini @ European Business Summit 2014: International Trade in Europe

COP25: Global investors urge countries to meet climate action goals

Brexit: EP Group leaders support a flexible extension until 31/1/20

Cultural tolerance is a must: “No sir, I’m not inferior!”

DR Congo: Electoral process advancing despite threat of armed groups, UN envoy tells Security Council

European Youth Forum warns of a Peter Pan generation as a result of financial crisis and response to it

These coastal countries are sinking the fastest

EU–Canada Summit: strengthening the rules-based international order

The world invested almost $2 trillion in energy last year. These 3 charts show where it went

Thailand gave healthcare to its entire population and the results were dramatic

MEPs call on Russia to stop illegitimate prosecution of Lithuanian judges

UN chief calls for Security Council to work with Myanmar to end ‘horrendous suffering’ of Rohingya refugees

Youth Forum calls on Parliament to ease entry into Europe for young people

Banks can fight financial crime. But we can’t do it alone

Moving from commitment to action on LGBTI equality

These 5 countries plan to slash their CO2 emissions. But how will they do it?

Commission’s report shows that targeted investment and robust digital policies boost Member States’ performance

At UN, Yemen Foreign Minister demands end to ‘Iranian-Houthi coup d’etat’

ILO discusses world of work response to global refugee crisis

The Brussels bureaucracy blocks the Youth Guarantee scheme

Inflammation is the fuel that feeds the cancer flame. So how do we fight back?

Health Education, is it a necessity?

5 rules for making employers and employees trust each other again

Why the ocean holds the key to sustainable development

EU seems to fail its moderate migration promises postponing them for end 2015

Ebola: EU releases additional €3.5 million to tackle epidemic

Key economic forum in Russia: New technology a ‘vector of hope’ but also ‘a source of fear’ says Guterres

3 steps to making multistakeholder partnerships a powerful force

Amending Guatemala ‘reconciliation law’ would lead to unjust amnesty, warns Bachelet

If this is Globalization 4.0, what were the other three?

The United States divorce rate is dropping, thanks to millennials

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s