Electric utilities have always struggled to protect their property, keeping intruders out of generating facilities and away from sensitive equipment. Nature, too, has posed challenges, with summer heat waves that prompt brownouts and winter storms that bring down wires. But a far more urgent and insidious problem has emerged: the threat of “cyber physical” attacks, in which attackers hack into a utility’s computer system, take control of operations, and cause physical or environmental harm.
Although experts say the US power grids, especially those spanning long distances, are secure today, there is growing concern about how well they will stand up to rising cyber-risks, especially with the internet’s greater connectivity. “These greener, smarter grids will involve a vast expansion of the Internet of Things that greatly increases the [possibility of] cyberattack [by] malicious hackers and hostile nation-state[s],” the Manhattan Institute stated in a recent report.
Cyberattacks have risen 60% annually for the past half-dozen years, and utilities are increasingly targeted. A Cisco study, cited by the Manhattan Institute, found that 70% of utility-security professionals report experiencing at least one breach. This is sobering news for electric grids, sensitive infrastructure that is critical to national security.
Korn Ferry found in its recent study on the utility industry that executives are acutely aware of cybersecurity. They and their utilities are putting in place comprehensive risk-management strategies to identify and deter threats, both physical and cyber—and now the “cyber physical.” These strategies blanket operations from the gates of a nuclear power plant to the firewall protecting an internal computer network.
“Cyber risk’s nefarious nature makes it especially onerous,” said Jamey Cummings, senior client partner and co-leader of cybersecurity for Korn Ferry. “Hacking attempts, computer viruses, and technological vulnerabilities constantly target computer networks and servers—and the US power grid is a constant target.”
Effective cybersecurity strategies require unique talent: leaders with technology and security expertise and intelligence-gathering capabilities, plus business acumen and communication skills. This tall order is ideally filled by skilled chief security officers (CSOs) and chief information security officers (CISOs), talent in high demand and short supply.
“While organizations have security roles, what differentiates CSOs and CISOs today is their oversight of cybersecurity, and the growing risk of online threats,” added Aileen Alexander, a senior client partner and Korn Ferry’s other co-leader of cybersecurity. “As new leaders within the C-suite, they work closely with other senior leaders, such as the chief risk officer, as well as CIOs and CTOs, who are attuned to specific risks.”
Given the mandate from state and federal governments for electric grids to be “greener” and “smarter,” which requires net connectivity, the cybersecurity response must be a priority. “With security experts claiming that the ‘next Cold War has already begun—in cyberspace,’ the key is to keep critical infrastructures, especially electricity, off the front lines,” the Manhattan Institute noted.
Leading that charge will be utility CEOs who understand risks and vulnerabilities, and are committed to educating people throughout their organization. Converting that awareness into action, Korn Ferry found, requires the right talent, especially a proactive CSO or CISO who not only knows the security side, but also understands the business and its needs.