Many utility executives from around the world believe cyberattacks could cause disruptions to electric distribution grids in the next five years, according to a report published on Wednesday by professional services company Accenture.
Accenture conducted a survey of more than 100 utility executives from over 20 countries in Europe, North America, Asia Pacific and other regions. The respondents were decision-makers in processes related to smart grids.
The study shows that nearly two-thirds of respondents are concerned that there is at least a moderate risk of a cyberattack causing disruptions to electricity supply in the next five years.
Accenture found that 57% of respondents are concerned that a cyberattack would result in interruption to electricity supply, while 53% are worried about its impact on employee and/or customer safety.
Roughly half of respondents are concerned about theft of sensitive customer or employee data, and theft of company data and intellectual property. Ransomware and destruction of physical assets are also among the top concerns.
“A typical distribution grid has neither the size of a transmission network nor the same risks of cascading failure,” Accenture said in its report. “However, distribution grids have the same vulnerabilities and, as a potentially softer target, could be increasingly subject to attack. Breaches by a wide range of potential attackers could have devastating impacts along the entire electricity value chain, from generation through to consumers. A successful attack could erode public trust in the utility and raise questions about the security of all devices along the value chain.”
Related: Learn More at SecurityWeek’s 2017 ICS Cyber Security Conference
On a global scale, cyberattacks conducted by state-sponsored actors, including their own government, are considered the biggest risk to distribution networks. This is also the greatest concern in North America, but cybercriminals are seen as the biggest threat in Europe and the Asia Pacific region.
The study also shows that utility executives are concerned, at least to some extent, about the risks posed by the Internet of Things (IoT) devices found in consumers’ homes.
Despite concerns, more than 40% of respondents said their organizations did not fully integrate cybersecurity into their risk management processes.
Nearly one-third of respondents believe improved threat identification and sharing across the industry would have the greatest impact on their cybersecurity capabilities. Others believe the biggest impact would come from clearer understanding of OT implications for cybersecurity (20%), training and risk awareness (15%), a holistic security program (12%), a risk management framework incorporating cybersecurity (11%), and clear cybersecurity governance and roles (10%).
Related: Injection Attacks Common in Energy and Utilities Sector
Related: Energy Management Systems Expose Devices to Attacks
Related: Iranian Hackers Target Aerospace, Energy Companies
Related: U.S. Energy Department Invests $20 Million in Cybersecurity