Amid all the talk of a Green New Deal and coal bailouts in Washington, one less flashy issue retains its primacy for electric utility executives — cybersecurity.
Each year, Utility Dive asks sector professionals about the most pressing concern facing their companies. And for the past three years, they’ve overwhelmingly named security issues at the top of the list.
It’s no wonder. U.S. electric utilities are under near constant attack from both nation states and other rogue actors. Last year, the Department of Homeland Security warned that some of those hackers may be able to throw switches on critical electric infrastructure — something that Russian operatives did in Ukraine back in 2015.
Experts say the risk of a widespread outage from a coordinated cyberattack in the U.S. remains low, but adversaries are working every day to worm their way further into utility systems.
“The most immediate threat is the potential that the smaller less sophisticated systems in the country could be the place where an attack starts,” Richard Mroz, former president of the New Jersey Board of Public Utilities, told the Electric Power Station.
“There might already be … hackers in the system,” added Mroz, now the senior policy advisor at Protect Our Power, a security nonprofit. “There are estimates that in the Ukraine attack, that [plant] had been infiltrated a year or 18 months before the shutdown began.”
To combat those threats, Mroz’s organization recently issued a new utility survey calling on regulators to approve more utility cybersecurity investments. The full report, completed with Vermont Law School, came out this week.
Mroz touched on the report’s findings and a host of other cyber topics in this episode of EPS, guest hosted by Naomi Eide, senior editor at CIO Dive, our sister publication focused on enterprise technology.
