Protecting all aspects of the grid

Assault and batteries
Protecting all aspects of the grid
Stuart Solomon, Brian Walker and
Utku Gulmeden
It was closing in on the end of an ordinary day on
December 23, at the Prykarpattyaoblenergo control
center, the source of power for hundreds of thousands
of Ukrainians.1 And then things started going terribly
wrong. One by one, substations were shut down by a
shadow force that had commandeered the center’s
systems. As operators watched helplessly, the cyberattack
shut down the grid leaving 230 thousand residents
without light or heat on one of the coldest, darkest days
of the year.
The plot line of a Tom Clancy novel became a reality: A major
utility had been hacked. The motivation behind the Ukrainian
hack is still under investigation. But what’s certain: The damage
will be long-lasting. Although power was restored within hours,
the control centers were still not fully operational for months.
It’s chilling to note that the security of the Prykarpattyaoblenergo
control center is considered comparable to the security in many
utilities in developed countries.2
26%
Making operations even more susceptible to cyberattacks is
the use of batteries to bring enhanced reliability to the grid. But
those same batteries introduce vulnerabilities that need to be
addressed in seconds instead of days. The answer isn’t to forego
the digital innovation enabled by batteries. The benefits to
utilities are too great for that. But given the added vulnerability
of grid batteries, leading utilities will be ones that act now
to shore up security—gaining real-time insight into operations.
Insight that helps them prevent or minimize cyberattacks.
From disruption to destruction
According to Accenture research, more than half (57 percent)
of executives surveyed said their utilities organizations have
experienced cyberattacks significant enough to test the resilience
of their IT systems.3 Yet only 40 percent agree their cybersecurity
strategies are robust.
2 | Assault and batteries: Protecting all aspects of the grids
26%
Only 26 percent of utility
executives have designed
resilience parameters into
their technology model.
5%
A mere 5 percent have tested
intentional failures or attacks
on their system.
5%
Perhaps some of this complacency comes from the fact that,
to date, most hacking incidents have been merely disruptive in
nature. Service is briefly suspended. Or non-critical equipment
shuts down temporarily. But as the Ukraine case proves, cyberattacks have become more physically destructive to operations.
And the critical functioning of entire substations can be sabotaged
by a line of code.
Utilities are similar to other industries when it comes to warding
off cyber threats. In the Accenture research only 26 percent of
Utilities have designed resilience parameters into their
technology model.4 And globally, a mere 5 percent have tested
intentional failures on their system. Utility executives must
proactively design resilience parameters and test their systems
so they are prepared when, not if, attacks happen.
60%
60%
Triple “A” batteries
Accenture analysis shows that, in the last five years, nearly 20%
of new power generation in the US came from distributed energy
resources (DER).5 Consider the solar panel market alone. In 2012
DER equaled less than $200 million, but by 2017, that number
will shoot up to a staggering $19 billion.6 Fully 60 percent of
utility executives anticipate applying energy storage solutions to
integrate DER to serve as “shock absorbers” for the grid.7 That’s
the good news. The bad news? With DER comes increased cybersecurity risks. Aggressive adversaries are continuously innovating
and evolving—and uilities must similarly adapt and learn.
From months to moments
Accenture analysis indicates the “discover and cure” time for
cyberattacks is roughly eight months: a lifetime when it comes
to protecting assets that can be irreversibly damaged in the
space of a few seconds. Now, with increasingly sophisticated
and destructive cyber threats, utilities must react in seconds to
protect the grid infrastructure from being physically damaged
and maintain the lifeline that powers society and energizes the
digital economy.
4 | Assault and batteries: Protecting all aspects of the grids
60 percent of utility
executives anticipate
applying energy storage
solutions to integrate DER
to serve as “shock absorbers”
for the grid.
Recently, one of the world’s largest energy companies was
attacked by a virus. Thirty thousand of the company’s computers
were infected with the virus that permanently deleted data from
hard drives causing operational delays and other disruptions.
Powering up
With the advent of digital, industry players face a double edged
sword. On one side, digital enables new business models featuring
DER that stabilize the grid. On the other, such capabilities make
the grid more vulnerable to attack. What can utilities do to protect
all aspects of their operations? Adopt a two-pronged strategy:
embracing digital capabilities and significantly enhancing
cyber-security capabilities.
Embrace digital.
Utilities must embrace the realities of digital business models and
core enabling technologies. As with every generation of disruptive
technology, the temptation to avoid or delay adoption is seductive,
but inevitably incorrect. Grid batteries provide rapid fine-tuning
capabilities for the grid as well as increasingly cost-effective
options for reducing overall generation costs. Ultimately, the
utilities that proactively and aggressively embrace grid batteries
will not only survive, but will thrive. Some real-world examples
are already emerging:
Duke8 is a leading player in the United States, supplying energy to
more than 7.2 million customers. The company is moving from grid
operator to become an intelligent grid operator using DER to enable
the transformation. How? Through its program, the “Coalition of
the Willing,” an initiative that gathers smart grid vendors to work
on standardizing DER integration. It’s a new business model that
could allow Duke to offer microgrids DER services. In parallel, the
company is focused on cybersecurity and actively testing systems
to improve recovery time should an attack occur.9
5 | Assault and batteries: Protecting all aspects of the grids
As with every generation of
disruptive technology, the
temptation to avoid or delay
adoption is seductive, but
inevitably incorrect.
Vandebron, a new entrant in a saturated market: The Netherlands.
With an innovative business model that directly connects renewable supply to customers, Vandebron’s customers can go online
and choose among different renewable energy providers. In-home
batteries such as the Tesla Powerwall become an owner-controlled
source of DER—dramatically expanding both the benefits and risks
of battery supplies in the overall grid.
Defend cyber.
Utilities must develop sophisticated cyber defense capabilities.
Moving beyond traditional risk mitigation protocols (like
compliance with standards and basic “hygiene”). Well-defended
utilities will adopt enhanced mitigation techniques including
real-time defenses, industry-wide sharing, asset hardening, and
aggressive testing.
Addressing ever-evolving cyber threats from sophisticated
aggressors is complex—even for the most advanced utilities.
While some actions are suitable for individual utility adoption,
others will require integration across the industry sector and
regulatory collaboration. Two important considerations for
advancing the collective utilities capabilities in cyber are:
1. A proactive sector-wide digital solution which includes
“real-time” analytical models and pattern recognition.
This helps utilities to assess threats against key information assets
or physical infrastructure. When it comes to maintaining the
security of their systems, cyber threats to physical assets can vary
dramatically in impact from simple interruption to catastrophic
damage. To gauge the value of real-time analytics, it is important
for executives to understand their fleet of assets across the value
chain—by capital category and risk—so they are able to make
informed decisions about the impact of cyber intrusions.
6 | Assault and batteries: Protecting all aspects of the grids
Addressing ever-evolving
cyber threats from
sophisticated aggressors is
complex—even for the most
advanced utilities. While
some actions are suitable for
individual utility adoption,
others will require integration
across the industry sector
and regulatory collaboration.
2. Regulators also have an essential role to play. Successfully
defending the grid will require close and continuous collaboration
between regulators and the utility community. Two specific
areas for immediate focus include cyber funding expediency
and industry-wide cyber sharing.
Funding Expediency: Cyber aggressors are tenacious and
creative—not constrained by quarterly earnings and periodic
regulatory rate cases. To keep pace with aggressors, utility leaders
need confidence that they can continuously identify and include
new defensive capabilities as they are available in the market
and not be hampered by delays caused by uncertainty of recovery.
Regulators should set the tone with utility executives that
they “have their back” and enact accelerated and frequent
transparency/recovery mechanisms.
Cyber Sharing: Regulators should continue to encourage
information sharing about cyber threats and indicators. This
model is gaining popularity in both the US and Asia as traditional
information sharing through Information Sharing and Analysis
Centers (ISACs) is being enriched with advanced real-time sharing
models. Real-time surveillance and protection by individual
utilities is vital. And its power is magnified tremendously by the
network effect of real-time sharing among advanced utilities.
Such a model requires intimate collaboration and sharing by
willing utilities—requiring commercial, financial, operational,
and technical alignment. Collaboration can be dramatically
accelerated by active leadership and orchestration by
strong regulators.
7 | Assault and batteries: Protecting all aspects of the grids
Energizing the future
There’s no question that grid-scale batteries offer
tremendous capabilities for stabilizing the grid, acting as
shock absorbers and allowing real-time responsiveness
for fine-tuning energy production. That’s the up side.
The downside? Reacting to cyberattacks is anything but real
time and hacks are moving from disruptive to destructive.
Leading utilities will be those that simultaneously create
security capabilities that defend against ever-changing
threats while also creating new digitally-enabled business
models with premium returns for shareholders.
8 | Assault and batteries: Protecting all aspects of the grids
Join the conversation
About Accenture
@AccentureStrat
@Accenture_Util
Accenture-Strategy
Accenture Utilities
Brian Walker
[email protected]
Accenture is a leading global professional
services company, providing a broad range of
services and solutions in strategy, consulting,
digital, technology and operations. Combining
unmatched experience and specialized skills
across more than 40 industries and all business
functions—underpinned by the world’s largest
delivery network—Accenture works at the
intersection of business and technology to help
clients improve their performance and create
sustainable value for their stakeholders. With
more than 375,000 people serving clients in more
than 120 countries, Accenture drives innovation
to improve the way the world works and lives.
Visit us at www.accenture.com.
Other contributors
About Accenture Strategy
Contact the Authors
Stuart Solomon
[email protected]
Utku Gulmeden
[email protected]
Ana Paula Mundim
[email protected]
Notes
1 Wired, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power
Grid” http://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/.
2Ibid.
3 Accenture Strategy Research on the Intersection of Business and
Technology, 2015.
4 Accenture Strategy Research on the Intersection of Business and
Technology, 2015.
5 Accenture analysis, SEIA, GTM (http://www.greentechmedia.com/
articles/read/solar-accounted-for-64-of-new-electric-generatingcapacity-in-the-us-in-q1).
Accenture Strategy operates at the intersection
of business and technology. We bring together
our capabilities in business, technology,
operations and function strategy to help our
clients envision and execute industry-specific
strategies that support enterprise wide
transformation. Our focus on issues related
to digital disruption, competitiveness, global
operating models, talent and leadership help
drive both efficiencies and growth. For more
information, follow @AccentureStrat or visit
www.accenture.com/strategy.
6 http://energystorage.org/energy-storage/facts-figures.
7 Accenture’s Digitally Enabled Grid research program, Accenture, 2016.
8 Greentech Media, “Microgrids Drive Duke’s Coalition for Grid-Edge
Interoperability” http://www.greentechmedia.com/articles/read/
Microgrids-Drive-Dukes-Coalition-for-Grid-Edge-Interoperability.
9 Accenture interviews.
Copyright © 2016 Accenture. All rights reserved.
Accenture, its logo, and High Performance Delivered
are trademarks of Accenture.
This document makes descriptive reference to trademarks that may be
owned by others. The use of such trademarks herein is not an assertion
of ownership of such trademarks by Accenture and is not intended to
represent or imply the existence of an association between Accenture and
the lawful owners of such trademarks.