View Page As PDF
Share Button
Tweet Button
A recent study pegs the impact of a potential cyber attack on utilities in the mid-Atlantic and Northeast region of the United States at more than $1 trillion. A Lloyds of London study done in conjunction with Cambridge University titled "Business Blackout" paints a rather dire picture of the true national cost of an outage lasting more than 24 hours. While the authors concede that no such attack has been successfully initiated, the assessment assumed an attack that disabled 50 generators in the targeted region and in the authors view is "technologically possible."

So what to make of this dire report? First, state and federal regulators have been and continue to work with all segments of the utility industry-- electric, gas, water and telecommunications-- to ensure that proactive measures are being taken to protect their systems from intrusion. Statistical analysis of cyber attacks reflects utilities being a target far more than financial institutions, though the later generally gets more public attention.

Second, efforts to remain ahead of those who might target the electric or natural gas industries involve physical protection from unauthorized access. In perhaps the most disturbing attack on a facility, a California substation was attacked by unknown, but quite sophisticated, actors and nearly crippled the San Francisco Bay Area. Since then, the  Federal Energy Regulatory Commission and the North American Electric Reliability Corporation (NERC) have established and highlighted the Critical Infrastructure reliability standards. The NERC Critical Infrastructure Protection Committee, comprised of experts in cybersecurity, physical security and operational security, and the Electric Sub-sector Coordinating Council work with federal partners to share valuable information on critical assets, threat vulnerabilities, and best practices for physical and cyber security issues. 

Many state utility commissions are also engaging both the utilities they regulate and the federal agencies noted above to ensure that at the state level proper attention is paid to these crucial issues. These threats also come at a time of transition in the national, state and local power grid as distributed generation, net metering, and smart grid applications both strengthen the resilience of the grid, but also provide more potential access points for nefarious characters to attempt to create havoc on both a large and small scale.

No system is impenetrable. Recent events show that even the United States government is being hacked and more than 20 million people's personal information being exposed to successful hackers. By keeping that fact in mind, utilities and regulators are actively working to mitigate and manage cyber risks and striving to maintain 100 percent system reliability. The costs of defending the grid grow with the advance of technology and those increased costs reflect the true cost of the safe, stable and reliable operation of the North American power grid. 
 
The cost of a data breach can be devastating to an organization. This is a reminder that it is critical to have a comprehensive approach  to data privacy and cybersecurity to limit your risk and exposure if and when a data breach occurs.
 
COMMENT
+