OVERLAND PARK, Kan.— Cybersecurity jumped onto the list of the top five concerns for U.S. electric utilities this year, yet fewer than a third say they’re prepared to meet the growing threat of an attack, according to a new survey.
“The industry is paying attention and actively seeking ways to bolster security practices to limit power system vulnerability,” says an annual report from the consulting, construction and engineering firm Black & Veatch, based here. “We are seeing an industry that is actively moving forward with the deployment of comprehensive asset protection plans following several high-profile cyber and physical threat events.”
However, only 32% of electric utilities surveyed for the report had integrated security systems with the “proper segmentation, monitoring and redundancies” needed for cyberthreat protection. Another 48% said they did not.
Cybersecurity ranked sixth a year ago and now is the fourth-highest concern for electric utilities, behind reliability, environmental regulation and economic regulation, according to the report, according to the report titled “2014 Strategic Directions: U.S. Electric Industry.”
“This rise in concern about cyberattacks comes on the heels of headline-grabbing cyber incidents,” the report says, also citing a new round of stricter cybersecurity standards from federal regulators.
A federal analysis reported by The Wall Street Journal in March showed that if only nine of the country’s 55,000 electrical substations were to go down — whether from mechanical issues or malicious attack — the nation would be plunged into a coast-to-coast blackout. One month later, sniper fire knocked out a substation in San Jose, Calif.
Other reports, meanwhile, have said that virtually all the country’s gas and electric utilities were relying on vulnerable Windows XP operating systems at workstations, and that the electrical grid at large stands susceptible to cyberattack from abroad and organized criminal networks.
Such news has had an apparent effect, according to U.S. News & World Report. This spring, federal regulators adopted a new round of cybersecurity standards for the electric industry. Cybersecurity, in turn, “surged in the ranking of the Top 10 industry issues … leapfrogging two spots to number four,” the report found.
The new regulations, in particular, have sparked greater demand for security assessments.
“Foresight is forearmed. In an environment where threats are both real and virtual and physical damage can be triggered by natural forces or nefarious intent, the best approach is preparedness,” the report says. “There is not a single solution, but with an approach that addresses the physical elements of cybersecurity and the cyber elements of physical asset security, organizations will be better equipped and educated to manage the full spectrum of dangers.”