FTI Journal | Critical Thinking at the Critical Time
 

Quiz: How Vulnerable is the Power Grid to Cyber Attack?


Most Americans are familiar with the high-profile hacking incidents of recent years—the public exposure of Sony Pictures’ private email, for instance, or the theft of credit card information belonging to 56 million Home Depot customers. But the damage from those breaches may pale in comparison to what cybersecurity experts believe is sure to come: a penetrating attack on the power grid.

Hacking into the industrial control systems of our electric infrastructure presents a huge national security risk. Disrupting or sabotaging our power supply would have catastrophic consequences for public safety and health. Yet the electric utility industry remains shockingly ill-prepared to combat the threat even as it insists it has taken adequate precautions. What's holding it back? Three things:

  • A disconnect within individual companies among risk managers, IT, engineering and operations.
  • The inability to keep pace with a sophisticated hacking culture.
  • The industry's stance that it is already doing enough to comply with cybersecurity standards.

The 2013 hack into the controls of a small hydroelectric dam in Rye Brook, NY, by a rogue Iranian group should be a wake-up call. So too should be the 2015 Ukrainian power utility attack, widely attributed to Russia. Both incidents demonstrated the capabilities of hostile adversaries and carried the tacit warning that similar damage can be done—perhaps at will—to U.S. utilities. These intrusions, plus 750 more identified and catalogued by Industrial Control System (ICS) cybersecurity experts, punctuate the need to move faster in light of the rapid changes to our digital world. With about 6.4 billion devices and control systems connected through the Internet of Things, and nearly 21 billion expected by 2020, the number of entry points of attack is multiplying daily.

Minimizing the risk is not just about training a network IT team. It’s about running a comprehensive and continuous scan of operational technology (OT)—the programmable logic controllers, the mobile devices, the supervisory control and data acquisition (SCADA) systems, etc.—and then coordinating OT and IT teams with risk officers and crisis management experts to form a cohesive front capable of responding to an industrial cyber incident.

The idea that minimizing risk can be accomplished through IT alone, as if it’s a corporate website, is a misconception. See if you can identify other misconceptions about the industry with our true or false quiz.

 

Published July 2016

© Copyright 2016. The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals.

About The Authors


Scott Corzine
scott.corzine@fticonsulting.com
Managing Director
Forensic & Litigation Consulting
FTI Consulting

Ellen Smith
ellen.smith@fticonsulting.com
Senior Managing Director
Economic Consulting
Energy & Utilities
FTI Consulting

©Copyright, FTI Consulting, Inc., 2012. All rights reserved.

https://ftijournal.com/article/quiz-power-grid-cyber-attack