Hackers are causing blackouts. It’s time to boost our cyber resilience

hackers 2019

(Steve Halama, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware cause a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks. Especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed, and collective situational awareness is still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics. Strategies which deal with cyber risks as systematically as other business risks and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

A Sting Exclusive: “Cybersecurity Act for safer European Industries and Consumers against cyberthreats”, by MEP Niebler

Environmental liability rules need revamping

Failing to see reality or deceiving the masses? The EU about poverty and social exclusion

Why #Wherearethewomen? is an $11 trillion question

Food safety: more transparency, better risk prevention

5 things we get wrong about young people, according to a US study

UN ‘regrets’ new US position on legality of Israeli settlements

The drive for quality education worldwide, faces ‘mammoth challenges’

Draghi cuts the Gordian knot of the Banking Union

At last a good price for the Greek debt!

Cédric in India

Commission approves emergency measures to protect eastern Baltic cod

Portuguese Presidency outlines priorities to EP committees

Brexit: An orderly exit is in the interests of both parties

Professional practices of primary health care for Brazilian health and gender inequality

The eyes of Brazil and the world turn to the largest rainforest and largest biodiversity reserve on Earth #PrayForAmazonia.

Solidarity needed to overcome ‘isolated’ attacks on Venezuela refugees, migrants

GSMA Mobile 360 – Africa on 16-18 July 2019, in association with The European Sting

Do electronic cigarettes produce adverse health effects?

3 ways firms can master the digital challenges of the 4IR

‘Negative forces’ at work in DR Congo threaten ‘largely peaceful’ relations across Great Lakes region, says outgoing UN envoy

Eurozone banks to separate risky activities: Can they stay afloat?

European Commission statement on the adoption of the new energy lending policy of the European Investment Bank Group

OECD tells Eurozone to prepare its banks for a tsunami coming from developing countries

How energy infrastructure is shaping geopolitics in East Asia

Do academia and banks favour a new Middle Ages period?

Draghi indirectly accuses Germany of using double standards in financial issues

New SDG Advocates sign up for ‘peace, prosperity, people’ and planet, on the road to 2030

G20 LIVE: “International communities and leaders have great expectations for 2016 G20 summit in Hangzhou China”, Mr Wang Xiaolong, the Chinese Foreign Ministry’s special envoy stresses live from G20 in Antalya Turkey

Boris ‘single-handed’ threatens mainland Europe; can he afford a no-deal Brexit?

UN experts voice ‘deep concern’ over Iran’s ‘consistent pattern’ of denying life-saving medical treatment to detainees

COVID-19 has accelerated the digital transformation of higher education

A critical European young voice on Net Neutrality: the distance between Brussels and Washington

Access to health and guarantee of sexual and reproductive rights as a way of eradicating HIV

Indigenous peoples ‘lag behind on all social and economic indicators’: UN deputy human rights chief

Commission proposes a governance framework for the Budgetary Instrument for Convergence and Competitiveness

Ukraine takes EU money and runs to sign with Russia

Why trade wars have no winners

Have central banks missed the exit train?

FROM THE FIELD: A UN peacekeepers-eye view of DR Congo

Eurozone: The cycle of deficits, debts and austerity revisited

Bacteria vs. humans: how to fight in this world war?

Palestinian students ‘compelled to drop dreams because of financial cuts’

Why diversity needs your star power, as well as sponsors

Africa’s shrinking lake shows the impact of climate change on women and indigenous people

“BEUC cautions against TTIP that would seek to align EU and US chemicals management frameworks”

UN-based World Summit Award (WSA) presents its master list on digital innovation with impact on society from 24 countries

Britain’s poet laureate has created a prize to highlight poetry about the climate crisis

The future of global trade – in 7 charts

New report says better metrics could have prompted stronger response to the crisis

EU decides “in absentia” of civil society

This is why you need that second COVID-19 vaccine dose, says WHO’s Chief Scientist

Refugee crisis update: Commission is struggling alone with little help from EU or G7 leaders

Universal basic income is the answer to the inequalities exposed by COVID-19

This project in India is turning PPE into mattresses

Leveraging digital for high quality internships

These Dutch microgrid communities can supply 90% of their energy needs

UN General Assembly celebrates 20 years of promoting a culture of peace

Fighting forest fires in Europe – how it works

Obesity rates soar due to dramatic global diet shift, says UN food agency

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s