Are utilities keeping up with the industrial cyber threat?

Decarbonization of the global economy requires electrification, but grid-connected assets also create new inroads for malicious attackers. Threat levels are particularly high with regard to Operational Technologies (OT) – the machines, systems, and networks by which power is generated, transmitted, and distributed. Specifically, security gaps arise from digitalization in connection with data analytics, artificial intelligence, and grid control technologies.

The report found that a lack of integration between OT and Information Technology (IT) created capability gaps that attackers can exploit. OT targets include control systems and logic controllers whose disruption can jeopardize the availability, reliability, and safety of assets by causing physical damage and shutting down operations. Potential impacts now include major environmental incidents through cascading effects.

Respondents said the frequency of attacks was increasing, with 56 percent having experienced a data breach or outage in the past year, and 54 percent expected an attack on critical infrastructure in the coming 12 months. The potency and sophistication of attacks have also increased. This may be due to the changing nature of cyberattacks, which are increasingly perpetrated by governments or actors using expertise and attack vectors developed by nation-states.

The study reveals a pervasive lack of preparedness. Only 42 percent of respondents rated their cyber-readiness as high, and only 31 percent believed they were ready to respond to, or contain, a breach. Key factors included the technical capabilities to identify threats, understanding of risk-based best practices, compliance with regulatory regimes, and internal factors within an organization. Smaller organizations needed more time (88.5 days) than larger ones (62.6 days) to coordinate responses and prioritize recovery efforts. This was also due to shortages of experts including control engineers, security specialists, and network specialists, as well as training and coordination between them.

The report recommends strengthening cyber-defenses through improved awareness of all system components and their operations, and by training or hiring skilled personnel. Other factors included accounting for systemic complexity through better coordination between IT and OT, and awareness of new developments in technology and cybersecurity. These measures will boost detection and response capabilities, including through proactive contingency planning and prioritization for recovery.

Founded in 2002 by Larry Ponemon and Susan Jayson, the Ponemon Institute conducts independent research on privacy, data protection, and information security policy for private and public-sector organizations. It provides strategic consulting to help companies enhance their privacy and data protection programs and meet compliance and regulatory requirements in the USA and other countries.