Risk

10 Security Risks Faced by the Utility Industry

By Daniel Young | June 22, 2022 | 4 min read
Utilities

The utility industry is one of the most important industries in the country — utility companies are the U.S.’s backbone. They provide water, sewage, energy and other basic services to the public and comprise more than $1.5 trillion of the U.S. economy. Unfortunately, despite the importance of these organizations, they can be very vulnerable when it comes to security.

10 risks faced by the utility industry

  1. Cyberattack - From the cyberattack that took down the Colonial Pipeline to concerns about the water utilities being hacked by Russia, there is much concern about utilities’ ability to fend off cyber attack. That concern is justified — although there is legislation aimed at updating the grid, utilities have been the focus of cybercriminals in recent years. According to Verizon’s 2021 Data Breach Investigations Report, 86% percent of the industry’s attacks were the result of social engineering attacks. Ransomware also played a role in attacks on utilities.

  2. Old infrastructure - Much of the U.S.’s critical infrastructure is very old. According to one report, some components of the country’s grid are more than a century old — twice its life expectancy of 50 years. This is problematic for many reasons; old infrastructure wears out, is vulnerable to new digital threats, and may not be replaced until there is an emergency. This means there may not be much standing between the grid and a crisis.

  3. The continuing impact of the COVID-19 pandemic - According to UtilityDive’s 2021 State of the Electric Utility Industry report, the utility industry is continuing to feel the impact of the pandemic, which more than half of utility organizations say has been a top driver of change in the industry. For example, electricity loads had been the same for years, but remote work and the lockdown changed load rates radically, and utility companies had to scramble to keep up. As time moves on, less of an impact will be felt, but many energy companies expect to feel the effects of the pandemic for 1-3 years.

  4. Increasing complexity - New sources of energy are being added to the grid, and existing energy sources are being used to power new items, like electric cars. As renewables are added, and as more power generation sources (like solar panels) are tied to the grid, the power grid will become more complex. The move from centralized to decentralized energy will lead to new challenges, like cost decreases and difficulty in securing the grid.

  5. Weather events - Weather events are getting more severe, and unfortunately, one site disruption can affect the utilities for an entire area. Extreme weather events are something that utility companies must plan for — and something that should inspire an upgrade of aging facilities and infrastructure.

  6. Terrorist attack - While cybersecurity is certainly a concern, so is physical security. A recent bulletin from the Department of Homeland Security warns that domestic terrorist groups “have developed credible, specific plans to attack electricity infrastructure since at least 2020.” Utility companies need to be mindful of threats from inside our borders and from outside the country as well.

  7. Insider threats - As with any organization, the call could be coming from inside the house. If extremists or criminals are working within a utility company, they can create havoc from inside.

  8. Theft - Theft is always an issue and with utilities, theft can take a number of forms, from the traditional insider theft, to theft of energy, to theft of the expensive tools in utility trucks. Be mindful of securing trucks when workers are in the field.

  9. Unhappy customers - As power costs rise, there are likely to be unhappy customers who can’t pay their power bills and some of them may become violent. This can be a problem because many energy companies still accept payments in person. A former client of mine was a power company with an office in a dangerous area. That office was a payment location; the workers there accepted cash payments for power bills. The company wanted that office to be friendly and welcoming, but the workers there were nervous because people knew they kept cash there, and because many frustrated customers would come in. If this is how your company collects payments, it’s important to protect your workers and your assets by securing the payment office.

  10. Defending new energy sources - As we move to new energy sources, like solar and wind, utility companies will be faced with a new challenge: defending the large land areas of wind and solar farms. Having a plan in place to patrol the acreage of large power sources is critical when it comes to moving to renewables. One attack or mishap is all it can take to create a widespread outage.

Securing something as large and widespread as the grid can be daunting, but it is possible if you start with an assessment. Ready to learn how to evaluate the risk at each of your sites? Talk to an expert now about assessing your security.

About the Author

Daniel Young
Daniel Young
Founder & Chief Innovation Officer

Daniel has been a security and risk advisor for more than 10 years, and is passionate about helping companies to better understand their risks to undesirable events on a daily basis. Dan previously served as the Regional Bioterrorism Coordinator for District 1 in Michigan, where he was instrumental in preparing communities for catastrophic incidents. He has also acted as the Private Security Liaison for the City of Lansing’s Critical Infrastructure Team, which identified and documented deficiencies in the city’s critical infrastructure.

He is a Co-Founder of the CSO Risk Council, a think tank of seasoned security professionals and thought leaders with extensive experience in managing the physical security and risks of large enterprises consisting of multiple sites and whose mission is to create a better process to develop and share innovative solutions and pertinent information with organizations to improve safety and security risk by providing a forum to discuss best practices and recommendations for specific risk scenarios and to network with other enterprise security professionals.



Related Posts

Fighting at work

5 Ways to Limit Political Arguments at Work

Political discourse is important, but not in the workplace.

Read More
Museum security

Prevent Heists With ASIS’s Museum Security Standards

ASIS’s museum security standards are voluntary but important.

Read More
School safety

Why ASIS’s New School Standard is So Important

ASIS’s school safety standard launches in 2024. Here’s how it will change the conversation about...

Read More
Industry news feb

February 2024 — A Landmark School Shooting Ruling is Handed Down

School shootings, explosions and the latest grants from FEMA

Read More
Cloud self hosted

Cloud vs Self-Hosting: Which Should You Choose?

When you’re dealing with physical security, safety and lives are at stake. Do you trust your most...

Read More

Are you ready to improve your organization’s risk management?

See Circadian Risk In Action Now
Schedule FREE Demo