Hackers are causing blackouts. It’s time to boost our cyber resilience

hackers 2019

(Steve Halama, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware cause a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks. Especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed, and collective situational awareness is still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics. Strategies which deal with cyber risks as systematically as other business risks and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the European Sting Milestones

Featured Stings

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

We finally have a life-saving vaccine for Ebola

Refugee crisis update: Commission is struggling alone with little help from EU or G7 leaders

Senior UN officials call for return to sea rescues, after ‘the worst Mediterranean tragedy of this year’

Under fire, UN refugee agency evacuates 135 detained in Libya to Niger

Further reforms in Sweden can drive growth, competitiveness and social cohesion

Eight years in, Syria still embroiled in conflict ‘that no longer sparks outrage’, Security Council hears

Sudan: top UN official demands cessation of violence and rape against civilians by security forces

Is co-living an answer to the affordable housing crisis?

This is why people live, work and stay in a growing city

4 big trends for the sharing economy in 2019

Blockchain can change the face of renewable energy in Africa. Here’s how

Eurostat confirms a dangerously fast falling inflation in Eurozone

5G will drive Industry 4.0 in the Middle East and Africa

What meat consumption has brought to the environment and how herbal diets can help human health

How much time has the ‘European Union of last chance’ left?

Weak growth of G20 international merchandise trade in third quarter of 2018

In Washington D.C., Guterres signs pact with World Bank, meets US President Trump

These are the 3 key skill sets workers will need to learn by 2030

China greenlights first underwater high-speed railway

More capital and liquidity for the banks

ECB readies itself for extraordinary monetary measures defying Germany

On the Global Day of Parents, UNICEF is urging support for parents to give children ‘the best start in life’

Ride-hailing apps are making the developing world’s traffic problems worse

A free press is ‘cornerstone’ for accountability and ‘speaking truth to power’: Guterres

Miguel Arias Cañete European Commission

EU should invest more in climate and not sit back on its laurels and watch

Scientists have created biodegradable microneedles to fight eye disease

How migrants who send money home have become a global economic force

This is what Belgium’s traffic-choked capital is doing about emissions

Investing in working conditions and quality jobs

Commission presents its response to Antisemitism and a survey showing Antisemitism is on the rise in the EU

The importance of exchanges for the medical students of the world

Here’s how we reboot digital trade for the 21st century

COP21 Breaking News: Paris Pact on Water and Climate Change Adaptation Announced

‘Break the cycle’ of disaster-response-recovery, urges top UN official, as death toll mounts from Cyclone Idai

Combatting terrorism: EP special committee calls for closer EU cooperation

Youth Parliament to finalise millennials´ priorities for future of the EU

Mosul’s ‘3D contamination’ adds to challenges of deadly mine clearance work

The 13th round of TTIP negotiations hits a wall of intense protests and growing concerns

This AI outperformed 20 corporate lawyers at legal work

Big world banks to pay $ 4.95bn for cheating customers; Is it a punishment or a gentle caress?

Why private investment in deforestation-free commodity production needs to be scaled up

INTERVIEW: ‘Defend the people, not the States’, says outgoing UN human rights chief

Except Poland, can climate change also wait until 2021 for the EU Market Stability Reserve to be launched?

How to help companies become global defenders of LGBTI rights

These refugee children have danced in the snow for the first time

GSMA announces new keynote speakers for 2018 Mobile World Congress

New book honours UN women who made HERstory

The European giant tourism sector in constant growth

Congolese expelled from Angola returning to ‘desperate situation’: UN refugee agency

Women ‘vital’ to peace efforts and ensuring long-lasting stability in Afghanistan

This is what a smart city should do for its people

EU members commit to build an integrated gas market and finally cut dependency on Russia

Is Eurozone heading for disinflation?

‘Maintain calm’ and ‘exercise patience’ UN envoy urges, as Nigeria heads to polls

EU to scrutinise foreign direct investment more closely

American women are 50% more likely to die in childbirth than their mothers

Myanmar military target civilians in deadly helicopter attack, UN rights office issues war crimes warning

Eurozone’s north-south growth gap to become structural

MEP Cristiana Muscardini @ European Business Summit 2014: International Trade in Europe

“As German Chancellor I want to be able to cope with the merger of the real and digital economy”, Angela Merkel from Switzerland; the Sting reports live from World Economic Forum 2015 in Davos

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s