NEW YORK, NY, 31 January 2019 – The network of power plants and lines connecting to homes and businesses is widely considered to be among the most critical infrastructure in the world. It’s also one of the most frequently attacked, with consequences that could potentially reach far beyond the power sector. A new Deloitte Global report, “Managing cyber risk in the electric power sector,” evaluates the biggest cyberthreats to the electric power sector and suggests how companies can manage these risks.
The electric power sector faces a rapidly evolving cyberthreat landscape – the sophistication and frequency of attacks are increasing, and the number of threat actors is growing. In fact, energy is one of the top three sectors targeted by cyberattacks in the United States. Threats can range from internal, such as an attack from a disgruntled employee, to external, from nation-states or organized crime.
“The advancement of electrical infrastructure presents an interesting obstacle for cybersecurity: as grids become modernized and digitized, they become more supported by and integrated into third-party operations,” says Paul Zonneveld, Deloitte Global Energy & Resources Risk Advisory leader. “With increasingly complex global supply chains, power companies will need to identify and map threats across the extended enterprise.”
To reduce cyber risk in the supply chain, retail power companies face three notable obstacles. First, ownership of the cyber supply chain is often ill-defined, so companies must establish clear accountability. Second, as pressure mounts to move operations to the cloud, companies must do their due diligence in ensuring that providers are secure. And third, companies often do not have the manpower to assess cyber risks from their vast number of suppliers.
Electric power companies can take a number of steps to overcome these obstacles and manage cyber risks across the enterprise:
Technological innovation and analytics should drive every electric power company’s cybersecurity strategy,
New tools are increasingly available, and the capability to monitor networks in real time, discover threats, and address them is advancing rapidly—providing needed protection for the industry at large.
“Deloitte,” “us,” “we” and “our” refer to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see www.deloitte.com/about to learn more.
Deloitte provides industry-leading audit and assurance, tax and legal, consulting, financial advisory, and risk advisory services to nearly 90% of the Fortune Global 500® and thousands of private companies. Our professionals deliver measurable and lasting results that help reinforce public trust in capital markets, enable clients to transform and thrive, and lead the way toward a stronger economy, a more equitable society and a sustainable world. Building on its 175-plus year history, Deloitte spans more than 150 countries and territories. Learn how Deloitte’s approximately 415,000 people worldwide make an impact that matters at www.deloitte.com.
Deloitte Global Communications
Tel: +1 202 738 7586
Mobile: +1 202 734 3207