Risks and Resilience of the Electrical Sector

At the third Cyber Risk Wednesday a series of government and private sector experts discussed the cyber risks and resilience in the electrical sector.

The panel included Jeanette Manfra, deputy director of enterprise performance management in the office of cybersecurity and communications at the US Department of Homeland Security; FusionX Chief Technology Officer Tom Parker; Cyber Statecraft Initiative senior fellow Neal Pollard and Gib Sorebo, chief cybersecurity technologist at Leidos. Director of the Cyber Statecraft Initiative, Jason Healey, moderated the conversation.

The panelists agreed that contrary to popular myth and doomsday scenarios, taking down the electrical grid is not easy to accomplish from a tactical perspective. Taking down the electrical grid on a limited scale and short time period is not difficult. Keeping the grid offline for an extended period of time, however, is a difficult task.  State actors are the only players with enough resources, staying power, and additional levers of power to accomplish such a task using the cyber domain.

Nation states, Neal Pollard noted, always look for a state’s weaknesses, and attacks do not happen in a vacuum. Indeed, the cyber threat to a country cannot be separated from day-to-day geopolitical tensions and rivalries. In other words, electrical grids as a target are simply part and parcel of war-planning and have been since before the cyber domain existed.

Further, the risk of a taking down electrical grids is not a new risk—it has always been a risk.  Falling trees and other kinetic disruptions have been disrupting power supplies for decades, and while cyber may be a new source of an outage, resilience of the system spans beyond cyber as a unique threat. Of course, the threats to these grids do not simply come from the cyber realm. As past weather events have shown, “mother nature takes down electrical grids all the time.” Despite this, the cyber threat is real and managing this risk should be included in overall general risk considerations. Additionally, cyber risk belongs among all other top-level risks managed at the highest levels of corporation.

To listen in to the entire discussion, please see the video and follow the Twitter stream at #CyberWednesdays.

Presented by the Atlantic Council and Zurich Insurance Group, the Cyber Risk Wednesday series provides an opportunity for government officials, business leaders, cyber security experts, and other stakeholders to discuss cutting-edge research and explore opportunities for collaboration in an informal setting.

Check out past Cyber Risk Wednesdays

October 23 | Risks in Cyberspace
November 20 | Exploring Cyber Insurance

Related Experts: Jason Healey and Neal Pollard