Cyber-security leaps onto the list of the top five concerns for U.S. electric utilities this year, yet fewer than a third say they’re prepared to meet the growing threat of an attack, according to a new survey.
“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” says an annual report from the consulting, construction and engineering firm Black & Veatch titled “2014 Strategic Directions: U.S. Electric Industry.” “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”
However, only 32 percent of electric utilities surveyed for the report had integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyber-threat protection. Another 48 percent said they did not.
Cyber-security ranked sixth a year ago and now is the fourth-highest concern for electric utilities, behind reliability, environmental regulation and economic regulation, according to the report.
“This rise in concern about cyber-attacks comes on the heels of headline-grabbing cyber incidents,” the report says, also citing a new round of stricter cyber-security standards from federal regulators.
A federal analysis reported by The Wall Street Journal in March showed that if only nine of the country’s 55,000 electrical substations were to go down – whether from mechanical issues or malicious attack – the nation would be plunged into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, California.
Other reports, meanwhile, have said that virtually all the country’s gas and electric utilities were relying on vulnerable Windows XP operating systems at workstations, and that the electrical grid at large stands susceptible to cyber-attack from abroad and organized criminal networks.
Such news has had an apparent effect: This spring, federal regulators adopted a new round of cyber-security standards for the electric industry. Cyber-security, in turn, “surged in the ranking of the Top 10 industry issues … leapfrogging two spots to number four,” the report found.
The new regulations, in particular, have sparked greater demand for security assessments.
“Foresight is forearmed. In an environment where threats are both real and virtual and physical damage can be triggered by natural forces or nefarious intent, the best approach is preparedness,” the report says. “There is not a single solution, but with an approach that addresses the physical elements of cyber-security and the cyber elements of physical asset security, organizations will be better equipped and educated to manage the full spectrum of dangers.”