In December 2015, the first known successful cyber-attack on a power grid was carried out in Ukraine, disrupting the electricity supply for hundreds of thousands of customers for several hours. Since then, concerns have grown across the globe about the potential public health, economic and security impacts of widespread power outages in heavily populated regions.
The World Economic Forum (WEF) — perhaps best known for its annual high-profile meeting in Davos, Switzerland, that brings together business leaders, politicians, economists, journalists and celebrities from across the globe — is focusing increasing attention on cyber resilience. For help in this area, the WEF has sought expertise from the U.S. Department of Energy’s (DOE) Argonne National Laboratory.
In February, the WEF published “Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards.” The study, developed with the help of Argonne experts, places a special emphasis on the steps the electricity industry should take to combat the growing risk that comes from operating in an interconnected and interdependent environment, where the consequences of a cyber-attack could have a cascading effect on the electricity ecosystem.
According to Scott Pinkerton, cyber security program manager in Argonne’s Strategic Security Sciences division and part of the WEF Cyber Resilience-Electricity working group that developed the study, “The electricity industry recognizes that there are some serious issues at play. The question is: do they have the tools to evaluate the risks?”
The WEF report highlights two fundamental ways in which industry leaders can view cyber resilience. First, cyber risk is a business- and ecosystem-wide risk — not just an information technology risk — and cyber risk management should be integrated into all business decisions.
“Cyber security today is becoming a risk area in absolutely everything,” Pinkerton said.
To address cyber risks, the WEF established, in 2018, a first-of-its-kind “Centre for Cybersecurity” to help mobilize the capabilities of a global network of partners.
“The WEF is uniquely positioned to bring together global companies with governments to address urgent societal challenges. And Argonne is a leader in applying science and technology to address exactly these kinds of complex, real-world issues.” — Duane Verner, Argonne Resilience Assessment Group Leader
The second shift in managing cyber risk in such an interconnected environment involves industry leaders thinking beyond the cyber resilience of their own “houses” and toward the cyber resilience of the broader “neighborhood” of suppliers, customers, competitors, peers and regulators among others.
Pinkerton advocates much more robust coordination among electricity asset owners and operators. In October 2018, he made a presentation to the WEF working group titled “What does coordinated information sharing look like for the energy industry?”
“Some companies believe they are secure by simply subscribing to cyber threat information and downloading feeds of hostile IP addresses. But that’s not adequate protection.” Instead, he recommends creating a “coalition of the willing” — industry members who would actively share cyber threat information with each other.
Pinkerton said the ultimate goal is to achieve true situational awareness so that as an ecosystem, members can quickly go from seeing anomalous behavior to recognizing it as suspicious behavior to mitigating malicious behavior.
“The key is how fast you can detect, respond and recover,” he added.
Argonne’s involvement with the WEF began in September 2017, when Duane Verner, the Resilience Assessment Group Leader in the Decision and Infrastructure Sciences division, presented a simulated cyber-attack on the electric grid of “Big City USA” at a WEF workshop.
For Verner, it’s natural that the WEF is taking such a leadership role — and that Argonne is working to provide much-needed expertise.
“The WEF is uniquely positioned to bring together global companies with governments to address urgent societal challenges,” he said. “And Argonne is a leader in applying science and technology to address exactly these kinds of complex, real-world issues.”
Argonne National Laboratory seeks solutions to pressing national problems in science and technology. The nation’s first national laboratory, Argonne conducts leading-edge basic and applied scientific research in virtually every scientific discipline. Argonne researchers work closely with researchers from hundreds of companies, universities, and federal, state and municipal agencies to help them solve their specific problems, advance America’s scientific leadership and prepare the nation for a better future. With employees from more than 60 nations, Argonne is managed by UChicago Argonne, LLC for the U.S. Department of Energy’s Office of Science.
The U.S. Department of Energy’s Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit the Office of Science website.