The mass deployment of smart technologies is transforming the traditional electricity grid system into a smart grid. But, this spending boom has outpaced the adoption of industry-wide safety and security best practices – leaving the sector vulnerable to cyberattacks and significant financial losses.
The Smart Grid Risk Snapshot, released today by the World Economic Forum, shows what is at stake, highlighting how much attacks on a smart grid would cost and outlining risk-mitigation strategies.
The utility and energy sector ranks the second highest in terms of predicted losses per company from a cyberattack, with an estimated $17.2 million per company per year. The financial services industry takes the top spot with an estimated $18.2 million in losses per company per year from cybercrime. The cost of a cyberattack on the smart power grid in the United States, for example, could be $1 trillion – roughly eight times the cost of the Fukushima nuclear disaster clean-up. A six-hour winter blackout in France could result in over $1.7 billion in damages.
“Fast-paced investment in IoT has brought the industry to an inflection point,” said Karime Kuri Tiscareno, project lead, Internet of Things, World Economic Forum.” “IoT is changing the way electricity systems operate and introducing clear benefits to consumers and companies. But, at the same time, it is opening new areas of risk. If decision-makers and industry players accelerate its implementation without proper safeguards, we will see large financial losses impacting the whole of society.”
Worldwide spending on IoT is forecast to reach $1.2 trillion in 2020. To put that into context, spending on IoT will be more than double the spend on digital advertising ($500 billion) and more than half the total spend on defence ($2 trillion). Utilities rank fourth among the industries forecast to spend the most and the demand shows no sign of slowing down as smart grid benefits become hard to ignore.
To help companies plan for and prevent these risks, the Smart Grid Risk Snapshot outlines the top three ways businesses can mitigate risk.
Balance priorities. Priorities need to balance innovation, adaptability, agility and efficiency with safety, investment, resiliency and security. A lopsided approach will result in increased risk. These eight priorities have been highlighted by industry experts who contributed to the research.
Implement proactive safeguards and internal risk management: Proactive safeguards and internal risk management for IoT technology, including top-level accountability and information sharing, is necessary as companies develop increasing dependences on data-driven automated systems.
Create an organizational culture of awareness. Insurance data shows two-thirds of cyber insurance claim incidents are the direct result of employee behaviour, for example, negligence leading to lost devices. Talent shortages, skill deficits and employee engagement also contribute to the bulk of financial losses so far from cybercrime. All-level employee education of cyber risk, not just building firewalls, will prevent most of the strain currently on the industry, according to the report.
With approximately one-third of all energy consumption growth by 2040 coming from buildings, the bulk of this energy consumption will come specifically from electricity. The Smart Grid Risk Snapshot spotlights how IoT deployment in the electricity sector can reduce emissions. In Australia, a full smart tech implementation could reduce emissions by 25%. The Edge building in Amsterdam, for example, uses smart grid technology to create adaptable and intelligent work spaces. Over a period of 10 years, the building will save 42 million kg of CO2, the equivalent of taking approximately 8,200 cars off the road for one year.
“A massive adoption of internet enabled devices is an inevitable change to our society and is key to the digitalized, green energy transition,” said Thomas Egebo, President & CEO of Energinet. “The reality of smart grids is that we are adopting a systems approach based on the many as opposed to a few. For example, many distributed assets versus a few powerplants, many micro transactions versus a few aggregated transactions. Digital authentication and access delegation must be adapted to this new reality. The cyber security threat is very real. The good news is that the technology already exists, all we have to do is implement it at scale”
“Safe and responsible IoT deployment across the electricity grid can lead to a reduction in greenhouse gases, efficient resource management and consumer cost savings,” Kuri said. “But, the industry needs to collectively address the risks to ensure that innovation can scale and accelerate the benefits for all of society.”
Market forces could play a critical role in helping establish and catalyse new norms and best practices for the security of industrial IoT devices and systems. Lower insurance premiums prompted millions of business and consumers to install fire and security systems. Through this project, financial incentive structures–tying minimum security standards and practices to the sale and pricing of cyber insurance policies or to capital investment decision-making – will be applied to industrial IoT deployments across industries.
During the past year, more than 24 companies, governments, organizations and universities have collaborated with the Centre for the Fourth Industrial Revolution to co-design the Industrial IoT Safety and Security Protocol. This first-of-its-kind policy framework generates an understanding of how insurance can facilitate the improvement of industrial IoT security design, implementation and maintenance practices. It also sets forth a universal set of security best practices that should be incorporated in all industrial IoT deployments. The Protocol is now being implemented and tested across industries, starting with the aviation and electricity sectors.