Ensuring CRE’s Resilience, Resistance to Cyberattacks

As stakeholders grapple with the challenge of protecting the electric grid against cyberattacks, the commercial real estate industry can take steps to reduce its vulnerability.
More than 4/5 of organizations are highly or fairly confident their insurance policies would cover the costs of a cyber event. Chart courtesy of Marsh

The U.S. electric grid confronts real threats on a daily basis and the vulnerabilities must be prioritized and thwarted in a cohesive, comprehensive manner. That’s the gist of a recent call to action from Protect Our Power (POP), an Orlando, Fla.-based non-profit advocacy group. The group urges steps to make the grid more resilient and resistant to external threats.

There’s much that can be done by decision makers and public policy influencers, as well as by commercial property executives. From instituting cybersecurity hygiene training programs, to establishing microgrids providing alternative power, to working within associations to ensure technical guidance, the commercial real estate industry can play a vital role in the effort.

Vetting supplies

Addressing grid threats demands a mix of government funding and regulatory incentives capable of spurring cybersecurity investments by utilities, POP reported. Because the grid is only as secure as its weakest link, sharing cybersecurity insights between government agencies and utilities remains essential in recognizing and repelling incoming attacks.


Also critical is vetting the supply chain to ensure appropriate purchases are made from more than 1,000 vendors of products and services intended to stymie cyberattacks.

“Are we using reliable components to support the infrastructure? That will be one of the aspects of cybersecurity the energy sector can expect to focus upon,” said Matt McCabe, senior vice president in the cyber practice at Marsh, the insurance broker and risk-management consultant. “It’s already started and it’s going on in other industries.”

The utility industry’s Electric Subsector Coordinating Council—including investor-owned utilities, public power utilities, rural co-ops and federal agencies—monitors and detects threats and communicates within the industry. “From an early warning perspective, the utility industry and federal government are doing an adequate job,” said Jim Cunningham, POP executive director. “But from a preparation standpoint, we have a lot to do in terms of putting in place a more resilient electric grid,” he said.

In addition, it must be ensured that states have the expertise and resources needed to regulate the power industry. POP favors taking a national approach, involving a collaborative effort between the states and the federal government to make the grid more secure. Such an effort must involve “cleaning up the clutter,” according to Cunningham.

Another issue is the overlapping authority of stakeholders. A plethora of Congressional committees, federal agencies and state jurisdictions have control over cybersecurity-related legislation—a situation that creates confusion. “We need a better definition of authority, and therefore accountability and responsibility,” Cunningham noted.

CRE’s Role

Steps that commercial property owners and operators can take to remain resilient to attack start with a good cybersecurity hygiene training program. Cyberattacks can infiltrate company systems in numerous ways, but cybersecurity hygiene training programs can alert employees to what they should do to ward off attacks, and, more important, what they shouldn’t do. These include protocols for opening emails and using USB flash drives and sticks, Cunningham said.


Additionally, CRE’s development of distributed generation systems to reduce carbon footprint and gain economies can also help foil cyberattacks, making companies more cyber-resilient.

“The infrastructure needs to be put in place, but by relying less on the grid, you’re reducing your threat of cyberattack,” said Steve Tcherchian, chief product officer & chief information security officer for XYPRO Technology. “Resilience relies on alternative sourcing, and your ability to avail yourself of those alternative sources if your primary supply fails,” Tcherchian explained. Decreasing costs and government incentives make this a good time to use solar power, he added.

Another option, albeit a stopgap with limited effectiveness, is well-designed generators. “Establish which powered items are the highest priority in advance of any crisis. Proper prioritization will get you at least a bit further down the road,” Ken Presti, vice president of research and analytics at Avant Communications, a Chicago-based technology distributor and platform for IT decision-making, told Commercial Property Executive.


Commercial real estate organizations also have a role to play. According to Cunningham, it’s increasingly important to work within associations to ensure access to consultants offering guidance in building more secure systems.

The real estate industry is a key player in public policy. As such, it should leverage its clout to ensure that a more secure power grid remains a priority issue on its agenda, experts say. Cunningham argues that in three years, stakeholders should be able to “look ourselves in the face and say we have made substantial progress in ensuring our grid is secure and we have a process in place for continuing grid security improvement.”