• About
  • Advertise
  • Subscribe
  • Contact
  • Events
Monday, June 23, 2025
Newsletter
SUBSCRIBE
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
No Results
View All Results
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
No Results
View All Results
Home

Smartly securing your grid from cyber attacks

by Lauren Butler
August 24, 2018
in Cyber Security, Features, Safety and Training, Smart Energy
Reading Time: 6 mins read
A A
Share on FacebookShare on Twitter

by Simon Vardy, Managing Director, Accenture Australia Utilities Strategy Practice

The threat of cyber attacks on power infrastructure is a cause of global concern, with their critical systems a prime target for cyber attackers to inflict serious damage and disruption. In the past twelve months, hackers have breached the networks of energy providers in Germany, Ukraine and the US using sophisticated malware, causing power outages of various scales and prompting serious concern amongst providers and governments.

Irrespective of motive or source, a successful attack in Australia could see large populations across the country suffering major power outages, as well as causing enormous business disruption and resulting in substantial economic damage.

Additionally, energy providers in Australia are increasingly experimenting with “smart grid” trials, in the hope of providing consumers the power to use energy more efficiently and alleviate risk of future blackouts, as seen in South Australia in 2017. Despite the benefits, the evolution to smart grid technology that connects IT, energy management systems and consumers is blurring traditional boundaries and creating new security vulnerabilities.

Microgrids are increasingly being investigated by Australian energy providers, heralded for their flexibility, resilience and integration with renewable power. Microgrids provide the ability to “self-island” from a distribution network and can use distributed, self-healing architectures to maintain energy delivery. If a physical event or cyber attack causes a power outage, microgrids can also contain the impact by shedding non-essential loads and continuing to energise critical loads. However, they themselves are vulnerable as a result of their increased penetration of monitoring and control capabilities, which open up the possibilities for breaches of security.

As we transition to a more digitised energy world, there is a fear that the same greater connectivity enabled by smart grids and microgrids could also create even greater opportunities for cyber criminals to launch crippling attacks.

A rapidly evolving risk landscape

Australian energy providers are fully aware of the potential damage cyber attacks can inflict on our electricity networks. Accenture’s Digitally Enabled Grid survey revealed that more than half (57 per cent) of distribution business executives cite interruptions to supply as their greatest cyber attack related concern, closely followed by potential impacts on customer and employee safety (53 per cent). While distribution utilities are well-practiced at restoring grids after traditional disruptions like adverse weather or asset failure, Accenture research showed only half of utility executives thought they were well-prepared for the challenges of an interruption from cyber attack.

Further to this, the latest Accenture High Performance Security research shows that fewer than 40 per cent of electricity utilities globally have methods, tools and skills comparable to
the highest level of performance.

Our experience has also shown that the greatest challenges to effective preparedness and response to cyber threats are often internal, rather than external factors. In fact, obstacles are often created by the cultural and organisational silos that exist between operations and technology business units; as well as the dwindling number of personnel available to operate the grid without technology, which can significantly strain utilities’ capabilities.

The current technology landscape for many utilities operators features control systems that work on old or vulnerable operating systems – commonly without sufficient processing power to run effective virus scans, or a lack of encryption or authorisation on communications channels – accompanied by limited or no security for endpoints, such as programmable logic controllers and intelligent end devices.

Developing a resilient delivery system

Cyber security needs to become a core industry capability for energy providers, one that protects the entire value chain and extended ecosystem from end to end. The increasing convergence of physical and cyber threats requires the development of capabilities that go well beyond simple compliance.

Utilities should invest in cyber resilience measures, as well as effective response and recovery capabilities. There are some strategies utility companies should consider to strengthen resilience and response to cyber attacks. These steps could allow the building and scaling of cyber defence capabilities:

Investigate a platform approach to cyber security capabilities

With increased regulation and greater customer requirements, distribution businesses are finding it difficult to prioritise projects and may therefore find themselves lacking the
resources required to address and develop cyber security capabilities. It may therefore be productive to find ways to pool resources or look to platform-based models and technology
solutions that could help address common cyber security challenges, removing the need to build their own internal capabilities.

Integrate resilience into asset and process design

Most utilities still operate systems and assets that were designed before the advent of computers, and definitely before the emergence of cyber attacks. Including cyber security into
asset and process design will certainly make the distribution system more resilient. As an extra step, integrating natural hazard hardening as well as security into the design of
distribution grids will make these more resilient at a lower overall cost.

Share threat information

Distribution businesses are likely to be facing the same common threats. Sharing intelligence and information between businesses is a critical activity that could help create situational awareness of the latest threat landscape and how to prepare accordingly. However, data privacy and security regulations may impact greater openness and transparency between businesses. In the absence of information sharing between utilities, external cyber experts could be consulted to help create a much-needed situational awareness.

Develop security and emergency management governance protocols

Developing a cyber security governance model should reflect the prevailing corporate culture. For example, a top-down, centralised business should mirror its culture in its cyber security governance model. Similarly, a business that is less centrally controlled and managed should adopt a similar decentralised approach to the governance of cyber security. There is no single approach – each distribution business needs to consider its organisational and operational context in order to devise the most effective approach.

Develop relationships with regional security officials and with cyber response experts

Whether national security and intelligence officials or private sector cyber response and legal experts, expertise will be required to help contain, investigate and manage the
consequences of the response. Developing these relationships now, modelling the interactions and planning the response will be critical to an effective, efficient response to cyber
attacks.

Embracing security at the core

Grid operators in Australia are at varying stages in the cyber protection maturity curve. While some are only working toward compliance with security standards, others are already working on developing cyber security as a core business capability.

To combat cyber risks, distribution businesses need an agile capability that creates and leverages situational awareness, based on changing threat factors and that can quickly react and intervene to cyber attacks. Leaning on the wider energy ecosystem, Australian transmission and distribution utilities must engage with government and industry forums so that new threats are managed quickly and effectively.

To meet the security imperative from within, a smart grid, or microgrid, must integrate consolidated, end-to-end IT and physical security into its design, ensuring system “irregularities” can be flagged seamlessly between grid control, security operations, network operations centres and beyond.

In Accenture’s view, the optimal approach to cyber security is an effective segmentation of risks, with the implementation of the most advanced security for highest-risk, high-value assets or highest-impact customers. At this level, utilities will have greater operational control, improved situational awareness, lower risk, superior control of operations and maintenance costs, and are better prepared for the impact of future disruptive technologies.

This should be achieved through certificate-based, device-level authentication (where feasible), network protocols that support encryption, application security, network segmentation, security monitoring, incident response and a hardening process to manage vulnerabilities in a timely fashion.

Cyber attacks to Australian utility infrastructure could cause chaos and mass disruption, from motivated ransom attacks to completely disabled networks. As utilities go digital, Australian energy providers must be proactive in both their adoption of smart and microgrid technology, as well as implementing powerful, adaptable security systems that minimise risks posed by cyber attacks.

Related Posts

The right digital strategy can drive innovation and long-term resilience in the energy sector. Image: tharathip/stock.adobe.com

Accelerating the transition with digital technologies

by Sarah MacNamara
June 20, 2025

As Australia’s energy system scales up for a net zero future, Autodesk shares key strategies to streamline the sector’s digital...

Low visibility makes powerlines a serious hazard for aircraft and ground crews. Images: V-TOL Aerospace

Eyes on the wires

by Sarah MacNamara
June 20, 2025

With the national commitment to expand the energy grid to support renewables, V-TOL Aerospace is working to ensure this essential...

Standalone power systems are set to play an important role in Australia’s future energy mix. Images: Pacific Energy

Powering ahead with SAPS

by Sarah MacNamara
June 20, 2025

Pacific Energy is helping to shape Australia’s future energy system with its stand-alone power systems, designed and manufactured right here...

Read our magazine

Join our newsletter

View our privacy policy, collection notice and terms and conditions to understand how we use your personal information.
Energy is a thought-leading, technology-neutral magazine, developed to help the industry answer some of the Energy sector critical questions it is currently grappling with.

Subscribe to our newsletter

View our privacy policy, collection notice and terms and conditions to understand how we use your personal information.

About Energy

  • About
  • Advertise
  • Subscribe
  • Events
  • Contact
  • Digital Magazine
  • Terms & Conditions
  • Privacy Collection Notice
  • Privacy Policy

Popular Topics

  • News
  • Spotlight
  • Renewable Energy
  • Electricity
  • Projects
  • Networks
  • Sustainability
  • Gas

© 2025 All Rights Reserved. All content published on this site is the property of Prime Creative Media. Unauthorised reproduction is prohibited

No Results
View All Results
NEWSLETTER
SUBSCRIBE
  • News
    • Events
  • Features
  • Electricity
  • Gas
  • Renewables
    • Batteries & Storage
    • Hydro Power
    • Hydrogen
    • Solar
    • Wind
  • Smart Energy
  • About
  • Advertise
  • Subscribe
  • Contact
  • Events
  • Newsletter

© 2025 All Rights Reserved. All content published on this site is the property of Prime Creative Media. Unauthorised reproduction is prohibited