Cyber resilienceBolstering cyber resilience

In December 2015, the first known successful cyberattack on a power grid was carried out in Ukraine, disrupting the electricity supply for hundreds of thousands of customers for several hours. Since then, concerns have grown across the globe about the potential public health, economic and security impacts of widespread power outages in heavily populated regions.

The World Economic Forum (WEF) — perhaps best known for its annual high-profile meeting in Davos, Switzerland is focusing increasing attention on cyber resilience. For help in this area, the WEF has sought expertise from the U.S. Department of Energy’s (DOE) Argonne National Laboratory.

In February, the WEF published Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards. ANL says that the study, developed with the help of Argonne experts, places a special emphasis on the steps the electricity industry should take to combat the growing risk that comes from operating in an interconnected and interdependent environment, where the consequences of a cyber-attack could have a cascading effect on the electricity ecosystem.

According to Scott Pinkerton, cyber security program manager in Argonne’s Strategic Security Sciences division and part of the WEF Cyber Resilience-Electricity working group that developed the study, “The electricity industry recognizes that there are some serious issues at play. The question is: do they have the tools to evaluate the risks?”

The WEF report highlights two fundamental ways in which industry leaders can view cyber resilience. First, cyber risk is a business- and ecosystem-wide risk — not just an information technology risk — and cyber risk management should be integrated into all business decisions.

“Cyber security today is becoming a risk area in absolutely everything,” Pinkerton said.

To address cyber risks, the WEF established, in 2018, a Centre for Cybersecurity to help mobilize the capabilities of a global network of partners.

The second shift in managing cyber risk in such an interconnected environment involves industry leaders thinking beyond the cyber resilience of their own “houses” and toward the cyber resilience of the broader “neighborhood” of suppliers, customers, competitors, peers and regulators among others.

Pinkerton advocates much more robust coordination among electricity asset owners and operators. In October 2018, he made a presentation to the WEF working group titled “What does coordinated information sharing look like for the energy industry?”

“Some companies believe they are secure by simply subscribing to cyber threat information and downloading feeds of hostile IP addresses. But that’s not adequate protection.” Instead, he recommends creating a “coalition of the willing” — industry members who would actively share cyber threat information with each other.

Pinkerton said the ultimate goal is to achieve true situational awareness so that as an ecosystem, members can quickly go from seeing anomalous behavior to recognizing it as suspicious behavior to mitigating malicious behavior.

“The key is how fast you can detect, respond and recover,” he added.

Argonne’s involvement with the WEF began in September 2017, when Duane Verner, the Resilience Assessment Group Leader in the Decision and Infrastructure Sciences division, presented a simulated cyber-attack on the electric grid of “Big City USA” at a WEF workshop.

For Verner, it’s natural that the WEF is taking such a leadership role — and that Argonne is working to provide much-needed expertise.

“The WEF is uniquely positioned to bring together global companies with governments to address urgent societal challenges,” he said. “And Argonne is a leader in applying science and technology to address exactly these kinds of complex, real-world issues.”