Dealing with Cyberthreats

Utilities’ Staffing Falls Short

BY MARTIN ROSENBERG
Editor-in-chief, EnergyBiz

Utilities are increasingly aware of the cyberthreats that are facing them, but they are not adequately staffed to address mounting threats, according to Doug Westlund, the chief executive officer of N-Dimension Solutions. Cyberthreats and other disruptive challenges confronting utilities will be the focus of the EnergyBiz Securing Power Forum in Washington March 3-4.

ENERGYBIZ: Is cybersecurity a growing threat for utilities?


Doug Westlund

Westlund: The problem has always been there. But it is being amplified and propagated through a number of drivers. One is smart grid. Smart grid means more interconnection. More interconnection means an increased attack surface. In addition, this industry is an attractive target. Easy-to-obtain and easy-to-use powerful hacking tips and scripts have been developed.

ENERGYBIZ: How would you describe the utility industry’s supply chain security problems?

Westlund: It’s a big problem that’s gaining more awareness. It is virtually impossible to eliminate the risks through the overall supply chain. The only way you could do that is if you created all components by yourself. You have circuit board level, chip level and system level. There is risk inherent in the supply chain and there very well could be risks associated with the equipment that you buy that could be nondetectable. The only solution to this is to implement cybermeasures, including a monitoring function.

ENERGYBIZ: How can utilities recover costs incurred preventing a cyberattack? How much needs to be spent?

Westlund: Look at mature cybersecurity industries such as banking and telecom. In those industries you will typically see budget expenditures of 15 to 20 percent of any given IT project, asset or system devoted to cybersecurity. Midsized utilities, municipals and cooperatives can obtain very effective and pragmatic solutions that are less than 5 percent of the asset value, project cost or system cost. Some of the large investor-owned utilities are talking numbers closer to 10 to 15 percent. How do you prove the value? When you monitor, you will clearly detect issues that you didn’t see before and you will clearly be able to prove that you are mitigating issues that may be building or may in the future have the ability to impair your operations.

ENERGYBIZ: Are utilities adequately staffed on the security front?

Westlund: Definitely not today. There is widespread acknowledgement that they don’t have the resources internally to do it themselves. Some investor-owned utilities say they do have the internal resources to do it themselves. But that’s definitely not the case for co-ops and municipalities.

ENERGYBIZ: What key industry assumptions need to change?

Westlund: They must acknowledge that this is not a compliance issue. This is a matter of reliability and operational integrity. The industry will not move ahead if one just looks at it from a compliance checkmark perspective. In fact, we’ll fall behind because the attacks and the threats are increasing.

For the full conversation with Doug Westlund, please read the current issue of EnergyBiz magazine.

Thought leadership editorial sponsored by N-Dimension Solutions.