Hackers are causing blackouts. It’s time to boost our cyber resilience

hackers 2019

(Steve Halama, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware cause a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks. Especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed, and collective situational awareness is still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics. Strategies which deal with cyber risks as systematically as other business risks and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

Advertising

the European Sting Milestones

Featured Stings

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Tuesday’s Daily Brief: Guterres calls for restraint in Venezuela, Jazz Day, the importance of breastfeeding, and updates from Libya, Iran and Mozambique

Hundreds of wounded Gaza protesters risk limb amputation without immediate help, warns top UN official

Boom in Artificial Intelligence patents, points to ‘quantum leap’ in tech: UN report

Children are forgetting the names for plants and animals

EU-Vietnam: Council adopts decisions to sign trade and investment agreements

The US is withdrawing from a 144-year-old treaty. Here’s the context

This is why Denmark, Sweden and Germany are considering a meat tax

Without tackling ‘gross inequalities’ major issues will go unsolved, warns UN rights chief Bachelet

Helping small businesses fight cybercrime benefits the global ecosystem

Autumn 2018 Economic Forecast: sustained but less dynamic growth amid high uncertainty

A day in the life of a refugee: the wait

The psychology of pandemics

Does it pay for cities to be green?

The time is up but the game is still not over for Greece: negotiations continue in anticipation of a new deal

European Commission and four online marketplaces sign a Product Safety Pledge to remove dangerous products

Will Merkel ever steer the EU migration Titanic and restore her power in Germany?

Intervene, don’t overthink – the new mantra of systems design

Can India reduce deaths on one hazardous road to zero? This group is trying

Is Britain to sail alone in the high seas of trade wars?

GSMA announces speakers for Mobile 360 Series-West Africa

Ten UN peacekeepers killed in a terrorist attack in northern Mali

European Employment Forum 2013 and not European Unemployment Forum 2014

Good Governance in developing modern quality infrastructure systems

Peru should help more young vulnerable people into work

EU security and defence industry prepares positions for ‘producers’ and ‘customers’

How to build a digital infrastructure that benefits emerging economies

Innovation for a smarter world: ITU Telecom World 2018

In Libya, Guterres ‘deeply concerned’ by risk of fresh military confrontation, urges restraint

Theresa May’s global Britain against Philip Hammond’s Brexit fog

Commission facilitates the activities of ‘merchants of labour’

Easing funding woes for UN agency assisting Palestine refugees a ‘wise investment for today and the future’

Superconductors: the miracle materials powering an energy revolution

Foreign direct investments the success secrete of Eurozone

“Who do I call if I want to call Europe?” Finally a name and a number to answer Henry Kissinger’s question

The latest emoji are more inclusive – but who approves them?

5 ways Denmark is preparing for the future of work

More than one million sexually transmitted infections occur every day: WHO

Forests ‘essential’ for the future, UN agriculture chief spells out in new report

Unemployment and exclusion brings EU cities to boiling point

Utmost hypocrisy emitted by EU’s energy regulation

OECD: Mind the financial gap that lies ahead

Digital transformation and the rise of the ‘superjob’

These cities score an ‘A’ for environmental action – but hundreds more are falling behind

Ebola: EU provides an additional €30 million to tackle the outbreak in the Democratic Republic of Congo

Will the EU reconsider Frontex’s role in light of accusations about violations of migrants’ human rights?

A day in the life of a refugee: the role of nations and citizens of the world

UN health agency identifies 5-year-old Congolese boy as first confirmed case of Ebola in Uganda

The Commission sees ‘moderate recovery’ but prospects deteriorate

Medical students: The need for emigration

UN human rights chief denounces grave ‘assaults’ on fundamental rights of Palestinian people

African migration: what the numbers really tell us

Trade Committee advocates lower tariffs in Western Sahara

We can make sure Globalization 4.0 leaves no one behind. This is how

Take-home pay growing at lowest level since 2008, as gender-gap persists: UN labour agency

UN chief praises Japanese climate resilience, as Typhoon Hagibis cleanup begins

An EU first: youth Ministers debate youth participation in live broadcast

Electronic Cigarettes: A booster or alternative to Smoking?

Science is ‘key’ to pushing forward the 2030 Agenda, UN development forum told

Air pollution could be responsible for 1 in 7 new cases of diabetes

The West definitively cuts Russia off from the developed world

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s