Electric utilities in the U.S. are finally seeing the light as just under 33 percent said they are prepared to meet the growing threat of an attack, new research found.
“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” said the annual report from the consulting, construction and engineering firm Black & Veatch entitled “2014 Strategic Directions: U.S. Electric Industry.” “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”
The problem is 32 percent of electric utilities surveyed for the report had integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyber threat protection. Another 48 percent said they did not.
Cyber security ranked sixth a year ago and now is the fourth-highest concern for electric utilities, behind reliability, environmental regulation and economic regulation, according to the report.
“This rise in concern about cyber attacks comes on the heels of headline-grabbing cyber incidents,” the report said, also citing a new round of stricter cyber security standards from federal regulators.
A federal analysis reported by The Wall Street Journal in March showed if only nine of the country’s 55,000 electrical substations were to go down – whether from mechanical issues or malicious attack – the nation could fall into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, CA.
Other reports, meanwhile, have said that virtually all the country’s gas and electric utilities were relying on vulnerable Windows XP operating systems at workstations, and the electrical grid at large remains susceptible to cyber attack from abroad and organized criminal networks.
That news had a sobering effect. This spring, federal regulators adopted a new round of cyber security standards for the electric industry. Cyber security, in turn, “surged in the ranking of the Top 10 industry issues … leapfrogging two spots to number four,” the report found.
The new regulations, in particular, have sparked greater demand for security assessments.
“Foresight is forearmed. In an environment where threats are both real and virtual and physical damage can be triggered by natural forces or nefarious intent, the best approach is preparedness,” the report said. “There is not a single solution, but with an approach that addresses the physical elements of cybersecurity and the cyber elements of physical asset security, organizations will be better equipped and educated to manage the full spectrum of dangers.”