- Cybersecurity is moving up the ranks of utility industry concerns and now polls fourth, up from sixth, Black & Veatch said in its annual survey of the electric industry's strategic direction.
- The increased focus follows decisions last year by federal regulators to bulk up physical as well as virtual security of the nation's power grid.
- While utility spending on security has typically lagged behind reliability and carbon control, new threats and a regulatory focus on grid defense could begin to drive additional investment.
Last year FERC adopted new standards for cybersecurity regarding critical infrastructure and reliability standards for guarding against physical threats. Now, Black & Veatch report cybersecurity has moved up two spots to number four among the top 10 industry issues, according to the firm's 2014 "Strategic Directions: U.S. Electric Industry" report.
“While the concept of asset security is not new, investments in generation, transmission and distribution to ensure reliability are typically the primary focus of capital spends,” said Dan Rueckert, head of the security and compliance practice in Black & Veatch management consulting. “But there is progress. For instance, one year ago, cybersecurity was identified as an area of concentration for major investments by only 1.7% of survey respondents. Physical security was not even polled.”
Physical security has been put on the back burner as utilities focus on reliability and environmental mandates, Rueckert said, but that is beginning to change. Black & Veatch said about half of respondents expect physical asset attacks will either stay the same or decrease.
"Without a regulatory mandate to increase investment in security or a clear-cut mechanism for obtaining rate relief from local public utilities commissions, 'non-core' investments are hampered," Black & Veatch said in an analysis of its report.