Hackers are causing blackouts. It’s time to boost our cyber resilience

hackers 2019

(Steve Halama, Unsplash)

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Rosa Kariger, Chief Information Security Officer, Iberdrola & Pierre-Alain Graf, Senior Vice-President, ABB


A six-hour winter blackout in mainland France could result in damages to households, businesses and vital institutions totalling over €1.5 billion. A well-orchestrated cyber attack on critical electricity infrastructure could have this type of economic impact on a country. Is this realistic? Officials from the US Department of Homeland Security publicly declared in 2018 that hackers had infiltrated the control rooms of multiple US electricity utilities to the extent that they had the ability to disrupt the flow of electricity to customers.

As the co-chairs of the World Economic Forum’s Systems of Cyber Resilience: Electricity public-private working group for the past year, we have dedicated time to discussing how to mitigate the risk of cyber attacks affecting critical electricity infrastructure and defining the best approach to cyber resilience in the increasingly complex electricity ecosystem.

Over the past 10 years, the electricity sector has experienced significant cyber attacks – the map below provides a non-exhaustive snapshot. In 2010, the Stuxnet computer virus caused significant damage to Iran’s nuclear power centrifuges which were manipulated to spin out of control. In 2014, a team of hackers cancelled approximately $650,000 of electricity bills due to be paid to a Turkish energy company. In 2015, control systems at three Ukrainian energy companies were compromised leaving 225,000 customers in the dark. Again in 2016, ‘Crash Override’ malware cause a second cyber-related blackout in Ukraine.

Sample of energy-related cyber attacks around the world over the past 10 years

Image: BCG. Source: press reports and BCG analysis

Our sector has many years of experience in protecting critical infrastructures from environmental events and physical attacks and in building resilient networks. Now we need to enhance these protocols, implementing new practices and strategies to address the new digital risks. Especially with the increasing number of new technologies and agents entering the ecosystem that, if compromised, could have a cascading effect over the entire electricity system.

Despite multiple electricity specific initiatives to share cyber information, as shown in the figure below, real-time cross-border information sharing at machine speed, and collective situational awareness is still a long way off. While the continuous evolution of technology will help through increasing maturity of security analytics, machine learning, artificial intelligence and even quantum computing, many challenges still exist.

Non-exhaustive list of global energy-related cyber security information sharing initiatives

Image: Institute for Security and Safety at Brandenburg University and BCG analysis

The electricity sector has always been heavily interconnected with interdependencies across the supply chain, not to mention with other critical infrastructure industries, such as telecommunications, ports and sewage facilities. This interconnectivity is increasing. As the US Secretary of Homeland Security, Kirstjen Nielsen, said: “Hyperconnectivity means that your risk is now my risk and that an attack on the ‘weakest link’ can have consequences affecting us all.” In today’s environment, businesses need to not only secure their “house” but also cooperate along the entire supply chain to ensure that the whole “neighbourhood” is secured.

Given that our sector is one of the most heavily regulated, it is a constant challenge to navigate the regulatory landscape – particularly for multinational organisations who need to comply with slightly different regulations in every market.

Nonetheless, it is crucial to acknowledge that “compliant” does not equal “secure” for our businesses. True cyber resilience is more a matter of strategy and culture than tactics. Strategies which deal with cyber risks as systematically as other business risks and a culture where each employee feels personally responsible for the organisation’s resilience.

The result of our discussions is the recently published “Cyber Resilience in the Electricity Ecosystem” report detailing seven principles for boards of directors of businesses in the electricity sector. These high-level principles are specifically designed to support the advancement of ecosystem-wide cyber resilience in our sector.

Electricity is much more than just another technical system – it is the lifeblood of societies. To preserve the functioning of this vital system requires continuous improvements. Building on the 2018 momentum, our ambitions are growing. In 2019, as co-chairs, we plan to continue leading and working with this public-private group. Using the World Economic Forum’s unique neutral platform we aim to co-develop metrics to support leaders in monitoring the value of their cyber resilience efforts. In addition, we aim to provide recommendations to policymakers on a common global approach to cyber resilience policies, and we aim to enhance collaboration along the electricity supply chain by agreeing on roles and responsibilities between the different stakeholders when it comes to cyber resilience. Is this realistic? Look us up in 12 months.

Advertising

the sting Milestone

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

South Eurozone countries threatened by rising borrowing cost and expensive euro

Taxation: Commission refers Poland to Court for failing to remove certain tax exemptions on the use of energy products by highly polluting businesses

2016 crisis update: the year of the Red Fire Monkey burns the world’s markets down

UN chief ‘deeply concerned’ by military escalation in northwest Syria

Why do medical students need to emigrate to become doctors in 2017?

What if Trump wins the November election and Renzi loses the December referendum?

Germany loses leading export place

To Bing or Not to Bing? That is the question

Trump aims trade offensive solely to China, renews truce with EU

If people aren’t responding to climate warnings, we need to change the message

Coding in Namibia: UN supports young women’s computing career dreams

Tributes for ‘role model’ former UN refugee agency chief, Sadako Ogata

UN official sees ‘unprecedented opportunities’ to make progress on peace in Afghanistan

Yemen conflict: ‘Fragile’ hopes rise, as violence decreases and life-saving humanitarian funding surges

New Zealand Prime Minister opens door to 4-day working week

All for equality – 2020 is a pivotal year for Gender Equality

Banks suffocate the real economy by denying loans

Dare to be vulnerable, and three other lessons in leadership

EU-Turkey relations: Erdogan plays the refugee card while beefing up gas operations in the Eastern Mediterranean sea

Nuclear non-proliferation treaty an ‘essential pillar’ of international peace, says UN chief

The 8 pieces of digital DNA we need to thrive in the AI age

Commission proposes a governance framework for the Budgetary Instrument for Convergence and Competitiveness

Myanmar Government side-lining democratic reform, resorting to military era repression: UN expert

These are 2018’s stats of the year

Portugal: €4.66 million in aid for 1,460 dismissed workers and jobless young

The ephemerality of the public-private health boundary

Two women threaten to tear the world apart

Children of ISIL terrorists likely held in ‘secret detention facilities’, UN human rights office warns

Farmers on the frontline in battle against drug-resistant microbes: UN health agency

Q and A: This is how stakeholder capitalism can help heal the planet

Libyans continue ‘spilling their blood on the battlefield’ as fight for Tripoli rages on

Why integrated planning is key to truly transformative electrification

Holocaust survivors rebuild lives and traditions in Rio de Janeiro

Protecting citizens’ access to social security in case of no-deal Brexit

These are the best cities for tech

5 challenges for government adoption of AI

Easier Schengen Visas for non-EU holiday makers: A crucial issue for south Eurozone countries

Investors have a role in securing our shared digital future

GSMA Mobile 360 – Digital Societies in Kuala Lumpur, in association with The European Sting

As ride-hailing firms drive into the future, who is being left behind?

Egypt urged to free prominent couple jailed arbitrarily since last June: UN rights office

UN ‘determined to lead by example’ on disability rights: Guterres

Deutsche Bank again in the middle of the US-EU economic skirmishes

UN agriculture chief urges ‘transformative changes’ to how we eat

Restoring prospect of peace in Middle East is ‘our shared responsibility’ UN envoy tells Security Council

Here’s how we get businesses to harmonize on climate change

Greece’s last Eurogroup or the beginning of a new solid European Union?

Nordic companies prove doing good is good for the bottom line

FROM THE FIELD: Powering up health care in Sub-Saharan Africa

Amid strong outlook for U.S. economy, risks abound

European Parliament and Eurovision sign partnership for European Elections

Obama turns the G20 summit into warmongering platform

Shinzō Abe, on the right, and Jean-Claude Juncker at EU-Japan Summit in Tokyo last week. (Copyright: European Union, 2018 / Photo: Etienne Ansotte)

EU and Japan ratify first FTA ever to include Paris Climate Agreement provision

Friday’s Daily Brief: human rights in Sudan, sombre anniversaries for Rwanda and Nigeria, and fears of ‘chaos’ in Libya

EU Budget 2019 deal: EP boosts support for researchers and the young

G20: Less growth, more austerity for developing countries

‘Unconscionable’ to kill aid workers, civilians: UN Emergency Coordinator

Yemen consultations have started, insists top UN negotiator

How a more integrated approach could help to end energy poverty

Quantum leap: why the next wave of computers will change the world

More Stings?

Advertising

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s