Daily Management Review

Deloitte identifies main cyber threats for power industry


International consulting company Deloitte has released a report on cyber threats to the electricity sector. Experts note that lately the risks of such threats have increased markedly, so energy companies need to urgently take comprehensive measures to protect against attacks that have already led to blackouts in different countries.

The report notes that recently the risk of cyber attacks on the power systems of not only individual companies, but also entire cities and even countries has significantly increased. Experts of the company emphasize that the electric power sector “is facing more complex and sophisticated cyber threats that are occurring more often”. For example, the US energy systems are among the top 3 sites that are most often subjected to hacker attacks. Having analyzing the sources and nature of cyber attacks against the US energy sector, analysts at Deloitte concluded that it could be fault of not only criminal elements, but also competitors, as well as other states.

“Development of the electrical infrastructure has resulted in a curious paradox in the field of cyber security — the more technologically advanced and digital networks become, the more often third-party contractors are involved in their work, who also integrate their systems into these networks,” said Paul Zonneveld, who directs Deloitte energy and resource risk analysis. “The more complex such networks become on a global scale, the more actively companies need to understand and monitor potential threats.”

Deloitte experts believe that companies operating in the retail electricity sector need to solve three main tasks in order to reduce the risk of cyber threats.

According to analysts, the priority task is to increase transparency in the ownership structure, all infrastructure facilities and their IT providers. The experts believe that often the structure of owners is very vague and incomprehensible, which does not allow monitoring cyber security throughout the chain.

Speaking of the second task, Deloitte notes that in recent years, companies have been increasingly transferring data and part of operations to cloud servers, so it is important to pay special attention to reliability of cloud service providers and their level of cyber defense.

The experts also say that the third task is to allocate a sufficient number of employees to ensure cyber security, since electric power companies often lack specialized personnel for such tasks.

The report also provides some more specific tips for minimizing the risk of cyber threats in the sector.

Market participants are encouraged to develop a clear classification of their assets and infrastructure to assess potential vulnerabilities in terms of significance of objects and level of their protection.

After conducting such an analysis, companies can understand exactly where it is necessary to strengthen protection and on which sites to focus special attention. Companies are also advised to carefully evaluate security systems of their suppliers and contractors so that attackers cannot exploit their weak points. In addition, experts at Deloitte believe that companies need to work more closely together on coordinating cyber security actions not only with industry leaders, but also with government departments. Such an integrated approach will help companies set new standards for cyber security, share experiences with colleagues and test new technologies.

“Technological innovations and constant analysis of the situation should move forward cyber security strategies of companies,” emphasizes Paul Zonneveld. “New security tools are emerging on the market that allow monitoring the situation in networks in real time, detect threats and respond to them promptly. This approach will ensure the protection of the industry as a whole."