Environmental & Natural Resources Law
Are Smart Grids Smart Enough to Prevent Cyber Attacks?
As electric utilities move towards the implementation of smart grid software and hardware, an area of interest is potential exposure to cyber attacks. The electric grid generally refers to the network of transmission lines, substations, transformers and related equipment that delivers power from generators to businesses and homes. “Smart grids” integrate digital technology and two-way communication between the electric service provider and its customers. Benefits of smart grids include, efficiency, quick response times, reduced operation and maintenance costs and better integration of renewable and customer owned distributed generation resources.
However, digitization and modernization of the electric grid may also increase the exposure to cyber attacks.
An article published earlier this year in Deloitte Insights, “Managing Cyber Risk in the Electric Power Sector”[1] raises several key issues about cyber risk in the electric industry, what to anticipate with smart grids and recommended next steps. For example, the article observes with regards to smart grids:
Despite almost limitless advantages to be gained from digitizing and modernizing the grid, modernization can also increase a utility’s “attack surface,” or the number of routes hackers can exploit to enter utility systems. As grids become increasingly “smart,” with information and communications technologies and devices embedded throughout, networks are being linked, the system is gaining complexity, and the number of access points is rising. In addition, as utilities introduce more commonly used software and information technologies into their operations, their systems may become more accessible to adversaries. And, as they increasingly automate functions, the impact of an attack is potentially magnified. Taken together, all of these factors spell increased vulnerability. (Id)
These timely observations certainly raise awareness of potential issues and hopefully cause smart grid owners to ask, “Is my smart grid smart enough to avoid cyber attacks?” Returning to the article, valuable recommendations can serve as a starting point for a critical analysis of the question. The authors state:
Cyber risk is challenging to address, but companies can start by identifying and mapping critical assets across the extended enterprise; using a cybersecurity maturity model to assess the maturity of the control environment; and building a framework that is secure, vigilant, and resilient.
After reducing their own cyber risk profiles, power companies can collaborate with peers, governments, suppliers, and other industrial sectors to share intelligence, participate in practice exercises, develop new standards and frameworks, and pilot new technologies. New tools are increasingly available, and the capability to monitor networks in real time, discover threats, and address them is also advancing rapidly. If electric power companies seize these opportunities, they can reduce risk significantly for themselves, the power sector, and, given the critical nature of the service they provide, society as a whole. (Id)
As electric utilities move towards converting their networks to smart grids, addressing cyber security will enhance the confidence in and benefits of the digitizing and modernization of the electric grid.
[1] Managing Cyber Risk in the Electric Power Sector”, January 31, 2019, by Steve Livingston, Susanna Sanborn, Andrew Slaughter and Paul Zonneveld