Utility Cybersecurity and Grid Modernization
USAID is supporting Latin American and Caribbean countries in improving the resiliency of electric utilities, regulators, energy authorities, regional organizations, and other energy sector stakeholders to manage cybersecurity challenges and lead digital transformation efforts.
USAID’s Priorities and Objectives for Advancing Cybersecurity in the Region
USAID is committed to combating cybersecurity challenges in partner countries that aim to undermine government legitimacy. In addition, USAID has published a Digital Strategy to encourage investment in digital ecosystems. Cybersecurity is critical to USAID Digital Strategy’s goal of achieving and sustaining open, secure, and inclusive digital ecosystems. As digital technology use expands, it is important to mitigate the growing vulnerabilities to stabilize the ecosystem and prevent cyber threats.
A 2019 study found that more than half of gas, wind, water, and solar utilities around the world have suffered from at least one cyber attack. USAID works with partner countries in the Latin America and Caribbean (LAC) region to identify, prevent, and mitigate cyber incidents which, if undetected, can cost millions of dollars in recovery.
Why is Cybersecurity Important? Why Now?
- Cyberattacks increased 131% March 2019 – March 2020
- One utility reports a 650% increase
The Caribbean Council reports that the costs of cyber incidents in the LAC region totals $90 billion annually. Cyberattacks increased by 131 percent between March 2019 and March 2020. One utility in the region reported that the number of identified attacks increased by 650 percent compared to an average year since the start of the COVID-19 pandemic. The impacts of a successful cyberattack can be devastating for an electric utility, with impacts ranging from damage to physical infrastructure and blackouts, to the loss of data and data theft, and even being beholden financially to bad actors through ransomware.
Now is the time to leverage resources, share knowledge, and coordinate strategies to fight the increase in cyberattacks, ransomware, and other malware.
Cybersecurity Assessments
In collaboration with the U.S. Department of Energy’s National Renewable Energy Laboratory (NREL), USAID is helping to shape the technical assistance and roadmaps that follow NREL’s assessment of an electric utility through its Distributed Energy Resources Cybersecurity Framework (DERCF) tool. This tool assesses utilities across three domains—Governance, Technical Management, and Physical Security—each with a number of sub-domains. Once utilities have completed the assessment, the DERCF tool will assess their “cyber-maturity” and identify priority areas of intervention. USAID is partnering with NREL to shape the guidance and planning required for utilities to address the outputs of their assessments.
USAID–NREL Cybersecurity Building Blocks Webinar Series
USAID and NREL developed the Power Sector Cybersecurity Building Blocks to assist energy stakeholders in improving security for the electrical grid. The eleven building blocks complement existing cybersecurity program standards by defining clusters of related activities within a balanced cybersecurity program and providing resources for each area.
USAID’s SUPER program and NREL are partnering with the Caribbean Electric Utility Services Corporation (CARILEC) to offer the Cybersecurity Building Blocks Webinar Series. Watch the webinars and register for upcoming sessions!
Caribbean Cybersecurity Regional Spring Forum
The Caribbean Energy Sector Cyber Summit will convene energy sector stakeholders, cybersecurity experts, international donors, and those looking to expand their cyber knowledge and capabilities to learn, grow, and network across this two-day summit. With events for all levels of cyber awareness, this summit will aim to enhance the Caribbean energy sector’s security and capacity to detect, respond, and mitigate cyberattacks.
Key Themes:
- The threat of ransomware and malware to the energy sector
- Cyberattacks as a threat to renewable energy development
- How cyberattacks can hinder a utility’s ability to deliver services and other impacts of successful cyberattacks
- Enhancing resilience in an increasingly remote environment due to grid modernizing technologies and the COVID-19 pandemic