A survey of over 20,000 utility employees found that cyber threats are what they fear could have the biggest impact on operations.
The BRIDGE Energy Group’s 2018 BRIDGE Index™ Grid Security Survey found that 35 percent of respondents cited cyber threats as the factor most likely to impact their operations, more than double the next largest cited factor of critical employee retirements.
The survey also found that the firms surveyed varied in how they allocated responsibility for managing cybersecurity risks. Thirty percent allocated such responsibility to their compliance team, while 27 percent allocated it to asset owners.
“Utilities will need to re-think their own provisioning of internal Cybersecurity and CIP Compliance
services to reduce burdens and free-up minds and resources to address the challenges ahead,” BRIDGE Energy Group said.
In terms of critical infrastructure protection, the survey found that less than half of respondents have major compliance projects planned for the coming 24 months. This figure has jumped from 28 percent to 47 percent since last year, though.
“After over 10 years of CIP Compliance it is surprising that utilities have not yet integrated the concepts of compliance into their cybersecurity programs to reduce exposure to change,” BRIDGE Energy Group said. “Utilities cannot afford CIP+ but they can adopt strategic cybersecurity policies that drive sustainable compliance solutions.”
The survey also revealed that knowledge gaps are broad, particularly within critical infrastructure protection compliance, operations technology and security tools. Twenty-one percent of respondents reported knowledge gaps within their organization’s current staff in CIP compliance, 20 percent within operations technology and 18 percent within security tools.
The respondents surveyed included representatives from electric, gas and water companies, and 54 percent were managers or department heads.
