Deloitte Global report urges greater cooperation, evaluation to counter rise in power sector’s cyber risk

Published on February 07, 2019 by Chris Galford

With the network of power plants and lines arguably among the most critical infrastructure in the world, Deloitte Global recently released the “Managing cyber risk in the power sector” report to evaluate the biggest cyberthreats to the electric power industry and offer suggestions on how to strengthen it.

To date, the energy sector is one of the top three sectors most targeted by cyberattacks in the U.S. These attacks vary in nature: some are launched by internal sources, while others come from international sources, such as organizations or countries.

Matters have been further complicated by often ill-defined ownership of the cyber supply chain, the Deloitte report said. Risk is also posed by expanding use of “cloud” services: companies that fail to secure their providers are opening themselves up to greater danger. Suppliers often offer an easy way in for these attacks, and energy companies rarely have the manpower to assess the risks from all of their suppliers.

“The advancement of electrical infrastructure presents an interesting obstacle for cybersecurity: as grids become modernized and digitized, they become more supported by and integrated into third-party operations,” Paul Zonneveld, Deloitte Global Energy & Resources Risk Advisory leader, said. “With increasingly complex global supply chains, power companies will need to identify and map threats across the extended enterprise.”

Mapping infrastructure assets and assessing the control environment for managing threats to them is critical to the protection of the chain at large. Likewise, Deloitte noted that companies should engage more closely with the supply chain procurement function, understand their suppliers’ cybersecurity processes and make sure those suppliers comply with best practices. Beyond evaluation, though, the report also urged power companies to communicate threats to their peers, continuously test new technology and, overall, work to create industry standards by which all might abide. In that way, cyberthreats can be countered before they cause damage.