Adlan Hussain, Product Marketing
As noted in the Wall Street Journal in February 2023, physical attacks on the U.S. power grid rose 71% last year compared with 2021 and will likely increase this year.
The U.S. power grid is of critical importance to our national security and economic security, but in an increasingly connected world where physical and cyber attacks are becoming more frequent, executives must be aware of the potential risks posed by malicious actors targeting their power grids. In recent years, malicious actors have increased their efforts to penetrate and damage U.S. power grids through both physical and cyber attacks. This has been seen with the North Korean WannaCry ransomware attack on American energy companies in 2021, as well as other attacks on American nuclear and power infrastructure over the past few years. Malicious actors may also target the grid for financial gain or simply for disruption, making it essential for executives to stay vigilant when it comes to protecting their company’s systems from all types of security threats.
What is critical infrastructure protection?
Critical infrastructure protection (CIP) refers to the efforts to safeguard the essential systems and assets that are vital to the functioning of a society, economy, or nation-state. These systems and assets fall within key critical infrastructure sectors that are considered essential to the functioning of a nation and its people. These sectors are typically identified by governments and international organizations and are recognized as critical because they are vulnerable to physical and cyber threats and attacks that could cause significant harm or disruption to society.
The critical infrastructure sectors can vary slightly depending on the country or organization defining them, but generally, they include power grids, water treatment facilities, transportation networks, communication systems, financial institutions, and other critical facilities. These sectors are interdependent and interconnected, meaning that an attack or disruption in one sector can have a cascading effect on other sectors and society as a whole.
The aim of CIP is to prevent, detect, and respond to any physical or cyber threats that may impact the availability, integrity, or reliability of these critical infrastructures. CIP involves a wide range of activities, such as
- Risk assessment
- Vulnerability analysis
- Threat detection
- Emergency response planning
- Cybersecurity measures
What elements of the power grid are considered CIP?
The United States power grid consists of key elements that all need to be protected, which include;
- Generation: The power grid begins with power plants, which produce electricity from a variety of sources, including fossil fuels, nuclear energy, and renewable resources like solar and wind.
- Transmission: Once electricity is generated, it is sent over long distances through high-voltage transmission lines to substations.
- Substations: These facilities step down the high-voltage electricity to lower voltages for distribution to local areas.
- Distribution: Local distribution systems then deliver the electricity to homes, businesses, and other users.
- Control systems: The power grid is monitored and controlled by sophisticated computer systems that ensure the proper balance of supply and demand and help prevent blackouts and other disruptions.
- Workforce: A skilled workforce is necessary to operate and maintain the power grid. This includes engineers, technicians, electricians, and other professionals.
Ensuring the security and protection of these assets is critical for the functioning of society and the economy, and any disruption or attack on these power grid elements can have significant consequences. Therefore, efforts to protect the power grid from physical and cyber threats are a key component of critical infrastructure protection.
What can be done to protect critical infrastructure
Power grid operators must take a proactive approach when it comes to protecting all of the elements highlighted above. Companies should regularly assess and address weaknesses in their systems, adopt the latest technologies, and stay up to date with government regulations concerning critical infrastructure protection.
Fortunately, there are steps businesses can take to protect their operations from attack. The U.S. government has a set of regulations which sets out guidelines for how companies should implement critical infrastructure protection to protect their power grids from threat actors and other accidents that could cause ballistic damage or other forms of destruction to infrastructure and private utilities operations. Companies should strive to comply with these standards in order to remain secure against malicious intrusions and vandalism, both physical or digital.
Technologies such as Physical Security Information Management can be used to monitor their perimeter and detect threats before they have the chance to penetrate the system. Companies should also look into investing in physical security measures such as surveillance cameras, video analytics, perimeter intrusion detection systems and hostile vehicle mitigation systems.
On the digital side, cyber-attacks are becoming more prevalent for disrupting normal operations. Whether intentional harm or a way to try new code, attackers are actively looking at utilities as a way to cripple both the economy and our daily lives. While we saw the effects of the Colonial Pipeline attack, it is now realized the payoff can be beneficial and because of this more vulnerabilities are being sought after and exposed. This can be anything from passwords being leaked to legacy systems that have not been updated. Operators now have more pressure to ensure systems are up to date and there is visibility into all systems while staying current with governmental regulations.
To ensure performance in all aspects of grid operations, technology to facilitate and automate the response to incidents can be put in place with a digital operations platform. Bolstering resilience by assessing, acting, and analyzing incidents, disruptions can be handled efficiently and effectively prior to affecting customers and improving responses to future events.
By taking these steps—and staying up-to-date with government regulations—executives can ensure that their businesses remain safe against any type of attack while continuing to provide reliable service for customers across the country. Additionally, it is important for companies to build strong relationships with public security agencies like the Department of Homeland Security and local agencies to share information on threats both at a national and local level.
Contact us to learn how Everbridge can help safeguard your organization with a digital operations platform.
Everbridge PSInsights provides public authorities with the information needed to quickly assess the public safety impact of situations in real-time, enabling them to make more informed decisions and thereby reducing the impact of incidents.
Everbridge is a trusted critical event management partner to the top research universities in the USA, providing solutions to keep campuses safe.
Businesses and communities are experiencing a growing number of disruptions from threats like severe weather, civil unrest, theft and vandalism, pandemics, and cyber-attacks. These disruptions have left many organisations concerned about the safety of their people and operations. As our world becomes increasingly uncertain, to succeed, organisations need to build resilience so that they can anticipate and avoid threats, respond effectively when necessary, and learn from their experiences to improve their next response.
Uncertainty is the New Normal
According to the IMF’s World Uncertainty Index, “…global uncertainty has increased significantly since 2012. Looking back at the past 60 years, we see few episodes in which uncertainty has been at levels close to those observed in the past decade.”
Uncertainty impacts business confidence. According to the World Economic Forum’s Global Risks Report 2022, 85% of the global leaders and experts surveyed are worried or concerned. In the 2022 Allianz Risk Barometer, cyber-attacks, business interruptions, and natural disasters are the key issues for organisations.
Organisations are right to be concerned about cyber-crimes. A Software Advice survey found that 62% of UK-based small and medium sized companies experienced an increase in cyber threats in 2020 and 2021. These threats have a very real economic impact. McAfee estimates that global cyber-crime losses will exceed £1 trillion in 2022, a 50% increase over 2018.
According to PwC’s Global Crisis Survey 2021 resilience is defined as “the ability to bounce back from disruption. But it’s also about being prepared to enable and secure new possibilities”. PwC further argues that organisational resilience is critical — not just to succeed, but to survive.
Yet, Organizations Remain Unprepared…
Despite increasing disruptions, many companies are not investing in building resilience. To learn more, Everbridge, PwC and Atos Unify, a global leader in communication and collaboration services and solutions, partnered together to survey 200 European global industry resilience leaders in July about how they prepared for critical events, made investments in building resilience, and what the impact was when an event did occur. The survey was conducted by Professor Stefan Vieweg, a business resilience expert who leads the Institute for Compliance and Corporate Governance at the Rheinische Fachhochschule in Germany.
In the survey, most respondents reported spending less than 25% of their time building their organisation’s resilience. Many decision makers were uncertain about how to effectively implement resilience programs and platforms or were unaware of what tools were available. They also had difficulty calculating ROI or correlating the investment in resilience processes and technology to saving lives, mitigating costs, and averting impact to brand and reputation so they could gain C-suite support for the investment required.
Senior leaders across several European industries were interviewed to better understand what challenges they faced in building resilience. One leader reflected on the importance of senior management making resilience a priority.
“You need to address this from the top management so that you have the help of this authority to prioritise [resilience].”
– IT Risk Domain Expert, Leading French Commodity Firm.
Another recognized the difficulty in securing funding.
“The thing we struggle with is we’re so reactive, and our CEO doesn’t like to spend money. We’ve talked about CEM but getting the budget for it is the absolute challenge.”
– HR Decision Maker, UK Technology Company
Even when companies are confident that they are prepared for unforeseen risks, without the right tools and processes, their response may be ineffective. In the survey, almost half of the respondents felt at least moderately prepared to deal with threats. Despite this relatively high level of confidence, respondents reported only being able to avert about 25% of the potential damage of the last two events they had responded to, resulting in a negative financial impact of over 50% of annual sales, likely impacted by COVID-related losses, and, for 67% of the people surveyed, weeks and months of continued business disruption.
Critical Event Management (CEM) Builds Resilience and Success
According to Atos Unify: “building resilience is vital to surviving and thriving during times of change. Building People Resiliency is a key priority in as part of the Duty of Care for any organisation. Engaging employees becomes a key success factor to their safety and their overall performance. Resilience of physical and digital infrastructure will make the difference when it comes to delivering the service and value expected by consumers or citizens.”
The right critical event platform is a key component of building resilience. Critical event management platforms use technology to automate manual processes and bring together different ad hoc data feeds so companies can act quickly and decisively to assess risks and prevent harm to their people and operations. The Everbridge CEM platform brings innovative business intelligence, communications, and crisis management together to help organisations anticipate risks and respond to critical events. When a serious incident does occur, the Everbridge platform helps companies to recover quickly, learn and adapt as necessary, and continue to succeed.
The Everbridge platform reduces uncertainty and increases control. In a survey among Everbridge’s Best in Resilience™ certified organizations, 86% felt confident that they could identify the potential impact of a threat and 95% could contact their impacted employees in less than fifteen minutes.
The Everbridge platform is a smart investment with a demonstrated ROI. According to a Forrester study of Everbridge customers, the Everbridge CEM platform paid for itself in less than three months. Forrester also reported that “after investing in Everbridge’s platform, customers found they were able to respond to and contain critical events more quickly and effectively.”
And resilience doesn’t just help prepare companies to anticipate and deal with risks. A strong CEM platform like Everbridge’s helps organisations to make better strategic decisions and increase profitability by uncovering expense efficiencies, improving operations, and applying consistent practices across the organisation. One global Fortune 500 pharmaceutical company said “CEM has improved our efficiency by leaps and bounds. It’s transformed how we operate.” It can also help to unlock opportunities that may come from successfully responding to a threat.
Organisations can confidently build resilience with Everbridge’s innovative business intelligence, communications, and crisis management solutions. And for end-to-end, robust resilience solutions, Everbridge works collaboratively with partners like PwC and Atos. To better understand their current level of resilience, companies rely on PwC’s consulting services to identify gaps and opportunities to further enhance their resilience maturity. With Atos Unify’s CEM enabled end-to-end mission-critical and vertical solutions and the Everbridge CEM platform, companies can automate digital workflows and visualize important information in one central location for quicker response times.
By providing the tools for organisations to anticipate risks and effectively respond, Everbridge, PwC, and Atos Unify are partners for continued success in the face of any disruption.
How Can We Help You Build Your Company’s Resilience?
Learn more at our upcoming Resilience Roadshow across Europe.
Johnson Controls International (JCI) is the global leader in smart sustainable buildings. Founded in 1985, JCI continues to expand its reach and set itself apart as a leader in building products, technologies, and innovative solutions. Their team is comprised of over 100,000 experts in over 150 countries across 1,600 offices.
Keep your people safe. Ensure that privacy and security are maintained at all times. Whether the threat comes from outside or within, Everbridge Signal can help.