Anim pariatur cliche reprehenderit, enim eiusmod high life accusamus terry richardson ad squid. 3 wolf moon officia aute, non cupidatat skateboard dolor brunch. Food truck quinoa nesciunt laborum eiusmod. Brunch 3 wolf moon tempor, sunt aliqua put a bird on it squid single-origin coffee nulla assumenda shoreditch et. Nihil anim keffiyeh helvetica, craft beer labore wes anderson cred nesciunt sapiente ea proident. Ad vegan excepteur butcher vice lomo. Leggings occaecat craft beer farm-to-table, raw denim aesthetic synth nesciunt you probably haven't heard of them accusamus labore sustainable VHS.
By Ron Gallimore, IT Cybersecurity Manager, ACRT Services
Safety and cybersecurity are closely linked, as both practices aim to protect assets and individuals from harm or threats, despite existing in different domains.
The significance of cybersecurity should be understood by all. It is required to maintain a reliable energy supply for American homes, businesses, and communities. The investment into cybersecurity is also crucial as it allows for the management of various cyber threats across energy systems — from generation to delivery, to ensure security and reliability.[1]
If you find yourself wondering, “What classifies as a cyber attack?” the National Institutes of Standards and Technology (NIST)[2] provides clarity stating, “An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.”
Utilities and other industry organizations are increasingly becoming targets of cyber attacks, putting their entire value chain at risk, including the following
Naturally, utilities operate a geographically distributed infrastructure. For example, the average span of a top 25 U.S. power company includes 121 plants spread across 94,000 miles of distribution, making it difficult to maintain visibility across information technology (IT) and operational technology (OT) systems.
These organizations are also at risk of additional susceptibilities due to geographic vulnerabilities in consumer-facing devices (either utility-owned or grid-connected) and organizational complexity as many utilities, “rely on several different business units to refine, generate, transmit, and distribute energy and resources.”[3]
Earlier this year, the U.S. Department of Energy (DOE) announced $45 million in funding for 16 projects across the nation to better protect the energy industry from cyber attacks. The selected projects intend to develop new cybersecurity tools and technologies designed to reduce cyber risks, and strengthen the resilience of America’s energy systems — including the power grid, electric utilities, pipelines, and renewable energy generation sources. [1]
The DOE, in partnership with the Office of Cybersecurity, Energy Security, and Emergency Response (CESER), also announced up to $70 million in funding, with opportunities ranging from $500,000 to $5,000,000, to advance the next generation of innovations that will help strengthen the resilience of our energy systems.[4]
Funding like this is vital, as energy sector cybersecurity preparedness is one of the three key areas CESER’s cybersecurity program supports. 3 Energy sector cybersecurity preparedness includes addressing situational awareness, information sharing, and risk analyses.
Due to the “highly dynamic technology and threat environment,” continuous assessments and sharing of information between the energy industry and government is crucial to determining threats and developing mitigation strategies promptly.
Artificial Intelligence (AI) adoption around the world seems rapid, but within utilities and other industry organizations is proving to be laced with challenges and uncertainties.
A report by the Boston Consulting Group predicts that through scaling proven applications and technology, AI could potentially mitigate 5% to 10% of greenhouse gas emissions by 2030.[5]
In a T&D World op-ed by Teresa Hansen, Endeavor Business Media’s Vice President of Content – Energy, Hansen explains how AI can aid in enhancing resilience against black-sky hazards, facilitate the integration of intermittent renewable energy, optimize grid balancing, and enhance the efficiency of existing fossil-fueled plants. However, the adoption of AI will undoubtedly pose challenges and concerns — especially in terms of oversight and cybersecurity.[6]
While the utility industry is especially vulnerable to cyber attacks, these risks can be significantly reduced with certain steps, such as a three-pronged approach. [3]
As a collective industry, we must take a proactive approach toward cyber threats facing our companies and networks. This might look like employing analytic teams to “monitor threats across the industry and region, including intelligence about technical vulnerabilities and the various factors (e.g., geopolitical, economic, legal) that shape the threat environment.” [3]
It is also recommended that utilities should begin with a holistic cybersecurity maturity assessment to evaluate their current cybersecurity maturity, benchmark capabilities against industry peers, and identify opportunities to build incremental capabilities.
Organizations that are taking the initiative to develop a strategic threat intelligence program should follow these steps. [3]
As time goes on, cybersecurity will likely continue to be a critical concern for the utility industry. There will always be the potential for disruptions to essential services and infrastructures but by remaining vigilant, educating stakeholders, and prioritizing proactive risk management, our industry can mitigate the impact of cyber threats and ensure the reliable delivery of essential services to communities the communities we serve.
[1] T&D World Staff. (2024, February 27). Doe announces $45M to protect Americans from cyber threats. T&D World. https://www.tdworld.com/smart-utility/grid-security/article/21283565/doe-announces-45m-to-protect-americans-from-cyber-threats
[2] Computer Security Resource Center. (n.d.). Cyber attack – glossary: CSRC. https://csrc.nist.gov/glossary/term/cyber_attack
[3] Bailey, T., Maruyama, A., & Wallance, D. (2020, November 3). The energy-sector threat: How to address cybersecurity vulnerabilities. McKinsey & Company. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/the-energy-sector-threat-how-to-address-cybersecurity-vulnerabilities
[4] T&D World Staff. (2024, January 9). Doe announces $70 million research funding for cyber and physical threats. T&D World. https://www.tdworld.com/smart-utility/grid-security/article/21280398/doe-announces-70-million-research-funding-for-energy-sector-cyber-threats
[5] Dannouni, A., Deutscher, S. A., Dezzaz, G., Elman, A., Gawel, A., Hanna, M., Hyland, A., Kharij, A., Maher, H., Patterson, D., Jones, E. R., Rothenberg, J., Tber, H., Texier, M., & Ziat, A. (2023a, November 22). How ai can speed climate action. BCG Global.
[6] Hansen, T. (2024, January 17). My top three predictions for 2024 trends. T&D World. https://www.tdworld.com/utility-business/article/21279256/top-three-predictions-for-the-energy-industry-in-2024
This article was originally published in the 2024 May/June edition of the UAA Newsline.
ACRT Services offers expert independent consulting solutions to utilities and associated organizations throughout the United States, including vegetation management consulting, ecological consulting, arborist training, customized safety courses, technology solutions, utility metering services, and more to empower the best people in the industry.
M | T | W | T | F | S | S |
---|---|---|---|---|---|---|
1 | ||||||
2 | 3 | 4 | 5 | 6 | 7 | 8 |
9 | 10 | 11 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 | 24 | 25 | 26 | 27 | 28 | 29 |
30 | 31 |