POWER December 2021 - 28

CYBERSECURITY
How to Manage Cyber Risk as Grid
Modernization Efforts Intensify
A survey of chief information security officers revealed great insight on cyber risks
and perceived vulnerabilities. While some insiders may think working hand-in-hand
with government agencies to develop sound cyber protection plans will only create
additional regulations to comply with, the truth is, collaboration may be the only
way to ensure all threat vectors are addressed.
Dillon Dieffenbach
ew sectors face as much disruptive
change in the years ahead as power
and utilities (P&U), with the mantra
of decarbonization, decentralization, and
digitization continuing to grow more intense.
Amid this rapid evolution, P&U
companies have new opportunities to
thrive-and so do cyber criminals eager
to exploit new vulnerabilities, which in
turn has triggered greater scrutiny from
the Biden administration.
Within the P&U sector, 53% of chief
F
information security officers have never
been as concerned as they are now about
their ability to manage the threat, according
to the EY Global Information Security
Survey 2021. About 80% have seen an
increase in disruptive attacks in the past
12 months (Figure 1)-the highest rate
among all sectors-and 43% believe it is
only a matter of time before their organization
suffers a major breach that could
have been avoided if they had received
additional investment. With 37% reporting
that attackers are primarily targeting
their industrial control systems-substantially
more than any other attack vector-it's
no wonder that the White House
asked P&U leaders to be part of a cyber
summit on securing the nation's critical
infrastructure, and that the Transportation
Security Administration has been
working on enforceable new guidelines
for pipelines, for example.
The risks are evident in how the sector
is evolving. Technology and innovation are
enabling the energy transition: today, different
hardware components are networked
with each other, often on decades-old infrastructure,
and controlled by intelligent
software. Every sensor and smart meter
contributes to a more interconnected data-dependent
energy world-and it must
be protected. These trends have become
supercharged amid new momentum for
decarbonization, and in how P&U companies
have responded to the challenges of
the COVID-19 pandemic. As P&U companies
put more money and effort into grid
modernization, they must be vigilant and
proactive against a shifting environment of
cyber threats-as a smart business strategy
and also increasingly as a regulatory
imperative.
Evolving Vulnerabilities
In the EY survey, 81% of cyber leaders
across all sectors said that the rapid response
to COVID-19 forced organizations
to bypass cybersecurity processes.
" Shadow IT " has emerged, in which
the business is making technology decisions
and potentially opening backdoors,
1. This graphic created based on responses to the EY Global Information Security Survey 2021
shows the percentage of respondents from various industry sectors-including power and utilities,
oil and gas, and technology, media, and telecom (TMT)-when asked if they had seen an
increase in the number of disruptive attacks, such as ransomware, in the last 12 months. Courtesy:
Ernst & Young Global Limited
28
www.powermag.com
sometimes sharing data or creating
connections without understanding
the security implications. Meanwhile,
more employees and third parties are
remotely accessing systems, devices,
and data, sometimes under the guise
of real-time maintenance. Challenges
include controlling the supply chain and
fully understanding risks that devices
and their components introduce to the
install base. In the same survey, 40%
of P&U cyber leaders warn that hackers
are consistently experimenting with new
strategies, such as targeting weak links
in the supply chain that may override the
security systems in place.
Similarly, electric grids are increasingly
becoming more connected to distributed
energy resources (DERs) and third parties,
as part of the acceleration toward decentralization.
Today, home solar power systems
continue to grow more affordable,
positioning more customers-or, rather,
" prosumers " -to put excess energy capacity
into the grid. Many more of these
DERs, of which solar photovoltaics is just
one part, add new complexity and connection
points in electricity distribution that
hackers can target. Decentralization and
digitization will only increase as the Biden
administration has set a target for a carbon-pollution-free
power sector by 2035
and net-zero-emissions economy by 2050.
The Biden administration is also working
to patch up another prominent vulnerability
in the sector: ransomware attacks.
From the EY survey, 40% of P&U leaders
believe that state-affiliated actors
are behind the breaches they have suffered
(compared with 24% across other
sectors). The administration issued an
executive order in April to enhance the
cybersecurity of electric utilities' industrial
control systems and secure the energy
supply chain, and the Department of Energy
is seeking more than $200 million in
its fiscal 2022 budget request to address
digital vulnerabilities in the sector.
POWER | December 2021
http://www.powermag.com

POWER December 2021

Table of Contents for the Digital Edition of POWER December 2021

POWER December 2021 - Cover1
POWER December 2021 - Cover2
POWER December 2021 - 1
POWER December 2021 - 2
POWER December 2021 - 3
POWER December 2021 - 4
POWER December 2021 - 5
POWER December 2021 - 6
POWER December 2021 - 7
POWER December 2021 - 8
POWER December 2021 - 9
POWER December 2021 - 10
POWER December 2021 - 11
POWER December 2021 - 12
POWER December 2021 - 13
POWER December 2021 - 14
POWER December 2021 - 15
POWER December 2021 - 16
POWER December 2021 - 17
POWER December 2021 - 18
POWER December 2021 - 19
POWER December 2021 - 20
POWER December 2021 - SCover1
POWER December 2021 - SCover2
POWER December 2021 - S1
POWER December 2021 - S2
POWER December 2021 - S3
POWER December 2021 - S4
POWER December 2021 - S5
POWER December 2021 - S6
POWER December 2021 - S7
POWER December 2021 - S8
POWER December 2021 - S9
POWER December 2021 - S10
POWER December 2021 - S11
POWER December 2021 - S12
POWER December 2021 - S13
POWER December 2021 - S14
POWER December 2021 - S15
POWER December 2021 - S16
POWER December 2021 - SCover3
POWER December 2021 - SCover4
POWER December 2021 - 21
POWER December 2021 - 22
POWER December 2021 - 23
POWER December 2021 - 24
POWER December 2021 - 25
POWER December 2021 - 26
POWER December 2021 - 27
POWER December 2021 - 28
POWER December 2021 - 29
POWER December 2021 - 30
POWER December 2021 - 31
POWER December 2021 - 32
POWER December 2021 - 33
POWER December 2021 - 34
POWER December 2021 - 35
POWER December 2021 - 36
POWER December 2021 - 37
POWER December 2021 - 38
POWER December 2021 - 39
POWER December 2021 - 40
POWER December 2021 - Cover3
POWER December 2021 - Cover4
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-april-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-April-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-march-2022
https://www.nxtbook.com/accessintelligence/POWER/power-february-2022
https://www.nxtbook.com/accessintelligence/POWER/power-january-2022
https://www.nxtbook.com/accessintelligence/POWER/power-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-top-plants-supp-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-november-2021
https://www.nxtbook.com/accessintelligence/POWER/power-october-2021
https://www.nxtbook.com/accessintelligence/POWER/power-september-2021
https://www.nxtbook.com/accessintelligence/POWER/power-august-2021
https://www.nxtbook.com/accessintelligence/POWER/power-july-2021
https://www.nxtbook.com/accessintelligence/POWER/power-june-2021
https://www.nxtbook.com/accessintelligence/POWER/power-may-2021
https://www.nxtbook.com/accessintelligence/POWER/power-april-2021
https://www.nxtbook.com/accessintelligence/POWER/power-march-2021
https://www.nxtbook.com/accessintelligence/POWER/power-february-2021
https://www.nxtbook.com/accessintelligence/POWER/power-january-2021
https://www.nxtbook.com/accessintelligence/POWER/power-december-2020
https://www.nxtbook.com/accessintelligence/POWER/power-november-2020
https://www.nxtbook.com/accessintelligence/POWER/power-october-2020
https://www.nxtbook.com/accessintelligence/POWER/power-september-2020
https://www.nxtbook.com/accessintelligence/POWER/power-august-2020
https://www.nxtbook.com/accessintelligence/POWER/power-july-2020
https://www.nxtbook.com/accessintelligence/POWER/power-june-2020
https://www.nxtbook.com/accessintelligence/POWER/power-may-2020
https://www.nxtbook.com/accessintelligence/POWER/power-april-2020
https://www.nxtbook.com/accessintelligence/POWER/power-march-2020
https://www.nxtbook.com/accessintelligence/POWER/power-february-2020
https://www.nxtbook.com/accessintelligence/POWER/power-january-2020
https://www.nxtbook.com/accessintelligence/POWER/power-december-2019
https://www.nxtbook.com/accessintelligence/POWER/power-november-2019
https://www.nxtbook.com/accessintelligence/POWER/power-october-2019
https://www.nxtbook.com/accessintelligence/POWER/power-september-2019
https://www.nxtbook.com/accessintelligence/POWER/power-august-2019
https://www.nxtbook.com/accessintelligence/POWER/power-july-2019
https://www.nxtbook.com/accessintelligence/POWER/power-june-2019
https://www.nxtbook.com/accessintelligence/POWER/power-may-2019
https://www.nxtbook.com/accessintelligence/POWER/power-april-2019
https://www.nxtbook.com/accessintelligence/POWER/power-march-2019
https://www.nxtbook.com/accessintelligence/POWER/power-february-2019
https://www.nxtbook.com/accessintelligence/POWER/power-january-2019
https://www.nxtbook.com/accessintelligence/POWER/power-december-2018
https://www.nxtbook.com/accessintelligence/POWER/power-november-2018
https://www.nxtbook.com/accessintelligence/POWER/power-october-2018
https://www.nxtbook.com/accessintelligence/POWER/power-september-2018
https://www.nxtbook.com/accessintelligence/POWER/power-august-2018
https://www.nxtbook.com/accessintelligence/POWER/power-july-2018
https://www.nxtbook.com/accessintelligence/POWER/power-june-2018
https://www.nxtbook.com/accessintelligence/POWER/power-may-2018
https://www.nxtbook.com/accessintelligence/POWER/power-april-2018
https://www.nxtbook.com/accessintelligence/POWER/power-march-2018
https://www.nxtbook.com/accessintelligence/POWER/power-february-2018
https://www.nxtbook.com/accessintelligence/POWER/power-january-2018
https://www.nxtbook.com/accessintelligence/POWER/power-december-2017
https://www.nxtbook.com/accessintelligence/POWER/power-november-2017
https://www.nxtbook.com/accessintelligence/POWER/power-october-2017
https://www.nxtbook.com/accessintelligence/POWER/power-september-2017
https://www.nxtbook.com/accessintelligence/POWER/power-august-2017
https://www.nxtbook.com/accessintelligence/POWER/power-july-2017
https://www.nxtbook.com/accessintelligence/POWER/power-june-2017
https://www.nxtbook.com/accessintelligence/POWER/power-may-2017
https://www.nxtbook.com/accessintelligence/POWER/power-april-2017
https://www.nxtbook.com/accessintelligence/POWER/power-march-2017
https://www.nxtbook.com/accessintelligence/POWER/power-february-2017
https://www.nxtbook.com/accessintelligence/POWER/power-january-2017
https://www.nxtbook.com/accessintelligence/POWER/power-december-2016
https://www.nxtbook.com/accessintelligence/POWER/power-november-2016
https://www.nxtbook.com/accessintelligence/POWER/power-october-2016
https://www.nxtbook.com/accessintelligence/POWER/power-september-2016
https://www.nxtbook.com/accessintelligence/POWER/power-august-2016
https://www.nxtbook.com/accessintelligence/POWER/power-july-2016
https://www.nxtbook.com/accessintelligence/POWER/power-june-2016
https://www.nxtbook.com/accessintelligence/POWER/power-may-2016
https://www.nxtbook.com/accessintelligence/POWER/power-april-2016
https://www.nxtbook.com/accessintelligence/POWER/power-march-2016
https://www.nxtbook.com/accessintelligence/POWER/power-february-2016
https://www.nxtbook.com/accessintelligence/POWER/power-january-2016
https://www.nxtbook.com/accessintelligence/POWER/power-december-2015
https://www.nxtbook.com/accessintelligence/POWER/power-november-2015
https://www.nxtbook.com/accessintelligence/POWER/power-october-2015
https://www.nxtbook.com/accessintelligence/POWER/power-september-2015
https://www.nxtbook.com/accessintelligence/POWER/power-august-2015
https://www.nxtbook.com/accessintelligence/POWER/power-july-2015
https://www.nxtbook.com/accessintelligence/POWER/power-june-2015
https://www.nxtbook.com/accessintelligence/POWER/power-may-2015
https://www.nxtbook.com/accessintelligence/POWER/power-april-2015
https://www.nxtbook.com/accessintelligence/POWER/power-march-2015
https://www.nxtbook.com/accessintelligence/POWER/power-february-2015
https://www.nxtbook.com/accessintelligence/POWER/power-january-2015
https://www.nxtbook.com/accessintelligence/POWER/power-december-2014
https://www.nxtbook.com/accessintelligence/POWER/power-november-2014
https://www.nxtbook.com/accessintelligence/POWER/power-october-2014
https://www.nxtbook.com/accessintelligence/POWER/power-september-2014
https://www.nxtbook.com/accessintelligence/POWER/power-august-2014
https://www.nxtbook.com/accessintelligence/POWER/power-july-2014
https://www.nxtbook.com/accessintelligence/POWER/power-june-2014
https://www.nxtbook.com/accessintelligence/POWER/power-may-2014
https://www.nxtbook.com/accessintelligence/POWER/power-april-2014
https://www.nxtbook.com/accessintelligence/POWER/power-march-2014
https://www.nxtbook.com/accessintelligence/POWER/power-february-2014
https://www.nxtbook.com/accessintelligence/POWER/power-january-2014
https://www.nxtbook.com/accessintelligence/POWER/power-december-2013
https://www.nxtbook.com/accessintelligence/POWER/power-november-2013
https://www.nxtbook.com/accessintelligence/POWER/power-october-2013
https://www.nxtbook.com/accessintelligence/POWER/power-september-2013
https://www.nxtbook.com/accessintelligence/POWER/power-august-2013
https://www.nxtbook.com/accessintelligence/POWER/power-july-2013
https://www.nxtbook.com/accessintelligence/POWER/power-june-2013
https://www.nxtbook.com/accessintelligence/POWER/power-may-2013
https://www.nxtbook.com/accessintelligence/POWER/power-april-2013
https://www.nxtbook.com/accessintelligence/POWER/power-march-2013
https://www.nxtbook.com/accessintelligence/POWER/power-february-2013
https://www.nxtbook.com/accessintelligence/POWER/power-january-2013
https://www.nxtbook.com/accessintelligence/POWER/power-december-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2012
https://www.nxtbook.com/accessintelligence/POWER/power-october-2012
https://www.nxtbook.com/accessintelligence/POWER/power-september-2012
https://www.nxtbook.com/accessintelligence/POWER/power-august-2012
https://www.nxtbook.com/accessintelligence/POWER/power-july-2012
https://www.nxtbook.com/accessintelligence/POWER/power-june-2012
https://www.nxtbook.com/accessintelligence/POWER/power-may-2012
https://www.nxtbook.com/accessintelligence/POWER/power-april-2012
https://www.nxtbook.com/accessintelligence/POWER/power-march-2012
https://www.nxtbook.com/accessintelligence/POWER/power-february-2012
https://www.nxtbook.com/accessintelligence/POWER/power-january-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2011
https://www.nxtbook.com/accessintelligence/POWER/power-october-2011
https://www.nxtbook.com/accessintelligence/POWER/power-september-2011
https://www.nxtbook.com/accessintelligence/POWER/power-august-2011
https://www.nxtbook.com/accessintelligence/POWER/power-july-2011
https://www.nxtbook.com/accessintelligence/POWER/power-june-2011
https://www.nxtbook.com/accessintelligence/POWER/power-may-2011
https://www.nxtbook.com/accessintelligence/POWER/power-april-2011
https://www.nxtbook.com/accessintelligence/POWER/power-march-2011
https://www.nxtbook.com/accessintelligence/POWER/power-february-2011
https://www.nxtbook.com/accessintelligence/POWER/power-january-2011
https://www.nxtbook.com/accessintelligence/POWER/power-december-2010
https://www.nxtbook.com/accessintelligence/POWER/power-november-2010
https://www.nxtbook.com/accessintelligence/POWER/power-october-2010
https://www.nxtbook.com/accessintelligence/POWER/power-september-2010
https://www.nxtbook.com/accessintelligence/POWER/power-august-2010
https://www.nxtbook.com/accessintelligence/POWER/power-july-2010
https://www.nxtbook.com/accessintelligence/POWER/power-june-2010
https://www.nxtbook.com/accessintelligence/POWER/power-may-2010
https://www.nxtbookmedia.com