This post is also available in: עברית (Hebrew)
Attacks on an electric facility and increased attention from regulators has fueled concern about safeguarding facilities. Cybersecurity leapt onto the list of the top five concerns for U.S. electric utilities this year, yet fewer than a third say they’re prepared to meet the growing threat of an attack, according to a new survey.
“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” says an annual report from the consulting, construction and engineering firm Black & Veatch titled “2014 Strategic Directions: U.S. Electric Industry.” “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”
However, only 32 percent of electric utilities surveyed for the report had integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyber-threat protection. Another 48 percent said they did not.
Cybersecurity ranked sixth a year ago and now is the fourth-highest concern for electric utilities, behind reliability, environmental regulation and economic regulation, according to the report.
“This rise in concern about cyber-attacks comes on the heels of headline-grabbing cyber incidents,” the report says, also citing a new round of stricter cybersecurity standards from federal regulators.
A federal analysis reported by The Wall Street Journal in March showed that if only nine of the country’s 55,000 electrical substations were to go down – whether from mechanical issues or malicious attack – the nation would be plunged into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, California.
“Foresight is forearmed. In an environment where threats are both real and virtual and physical damage can be triggered by natural forces or nefarious intent, the best approach is preparedness,” the report says. “There is not a single solution, but with an approach that addresses the physical elements of cyber security and the cyber elements of physical asset security, organizations will be better equipped and educated to manage the full spectrum of dangers.”