WHEN INNOVATION MEETS RESILIENCE IN THE POWER GENERATION INDUSTRY

Across all industries, innovation—the ability to adapt to changing market circumstances and create a competitive advantage—is vital for business resilience. Innovation can take many forms. Releasing new products, entering new markets, or changing processes to become more efficient are all examples which can bring significant opportunities.

In 2019, innovation across many sectors was focused on embracing digital technologies such as the Internet of Things and machine learning. While the impact of these advancements could be significant, innovation can also bring risks. In industries that rely on machinery, digitisation and greater connectivity could result in physical damage to equipment and property as a consequence of increased exposure to cyber attacks.

These exposures can appear in a variety of different forms. Of particular concern in the power generation industry is the potential for industrial control systems to be compromised. Greater interconnectivity of machinery and operating systems, specifically designed to be remotely accessed, increases the opportunity for cyber-related disruption.

If a cyber attacker maliciously causes a piece of machinery, such as a turbine, to over speed, it could lead to various escalating issues, including increased vibrations, overheating, blade liberation and finally an explosive destruction of the turbine, from which a fire is likely to follow. In this case, one cyber attack could cause an entire facility to become unable to operate as intended, potentially losing business revenue and market share.

Cyber crime tactics and targets are becoming ever more sophisticated. Motives increasingly go beyond financial gain to disrupting or destroying national infrastructure, with industrial control systems becoming increasingly likely to be targeted.

The potential damage sustained makes the argument for the importance of comprehensive risk management within the power generation industry clear. In many markets, legislators are swiftly facing up to the threat that power generators face, and the potential security and societal effects a loss could cause.

On April 1, 2019, the Swedish government introduced the Protective Security Act, which expands the legislative framework of safeguards to shield the country's critical infrastructure from cyber attacks. This legislation requires that various industries operating in Sweden, including energy suppliers, undertake preventive measures, including stringent cyber security requirements, to better protect information and critical operations.

With the escalation in the number and type of threats as well as their severity, Sweden recognised the disruptive potential of such attacks, especially against vital public services and critical infrastructure for the country.

Of particular concern for legislators in Sweden was that many companies were not aware of their cyber preparedness levels, reducing trust that nationally critical infrastructure is adequately protected. Fortunately, third-party experts are able to work with power generators and help them to better understand cyber risk exposure, ensuring that the new requirements of the Protective Security Act are met.

As a global commercial property insurer, FM Global continues to refine its systematic approach to mitigating cyber risk. It's why FM Global's team of cyber experts developed the patented Cyber Risk Assessment tool to help reduce clients' vulnerabilities at the enterprise level.

The assessment provides insight into cyber exposure, after which appropriate risk management actions, including creating policies that limit data access to only those that need it, improving physical security to sensitive areas and data centres, encrypting data and implementing two-factor authentication should be enforced.

Modernisation is vital within any competitive market, but the power generation industry must be aware that innovating can create new exposures. Facilitating adoption of innovation while managing the risks involved depends on a clear understanding of these risks, and partnership with a knowledgeable insurer can help significantly with this. At the same time, utilising tools to accurately assess and mitigate emerging risks, such as cyber, can help companies ensure innovation leads to resilience, rather than disruption.

This article first appeared on Energinyheter.se.

Read about FM Global's Cyber Risk Assessment here.