Recent attacks have prompted utilities to reexamine their cybersecurity protocol. There is a growing awareness that vulnerabilities can lead to disaster. The SolarWinds software supply chain hack exposed about 25% of electric utilities to malware, according to NERC. And a single compromised password at the Colonial Pipeline Co. created an opening for ransomware which ultimately led to the shutdown of the largest gasoline pipeline on the East Coast.

The cyber threat, combined with the growth of distributed resources, has led many industry players to evaluate new approaches to securing bulk electric system assets.

Security requirements

Some project that security requirements will move away from prescriptive standards for historically broad categorizations of low, medium, and high impact facilities:

  • High-impact facilities. Defined as those with resources of 3,000 MW in aggregate or more. These include large electric grid control centers.

  • Medium-impact facilities. Defined as those with resources between 1,500 and 3,000 MW in aggregate.

  • Low-impact facilities. Includes all other assets on the bulk power system.

These standards have been in place for over a decade despite a rapidly evolving industry. In addition to the increase in distributed resources, the digitization of the grid, and the convergence of information and operational technology systems have contributed to the changing landscape in which utilities operate.

The threat equation is also much different than it was a decade ago. Over the past year alone we have witnessed numerous complex cyber threats in the US. These attacks  exemplify the power of a coordinated digital offensive. Given their ability to compromise systems, there is no question that the industry must begin with a real understanding of the scope of the threat and then identify a path forward for all asset environments.

How Convergint can help

Convergint offers a powerful combination of industry understanding and security expertise, facilitating our ability to assist in three key ways:

  • Assistance in the development of a more programmatic and methodical approach to cybersecurity implementation strategies.

  • Performance of gap analyses to support regulatory compliance.

  • Assistance with equipment cyber hardening.

To schedule your free consultation, fill out the form below.