HOUSTON — Energy companies view safety as a top priority, but just 65 percent of utilities have cybersecurity program, based on responses to a survey released Wednesday.
Results of the survey by consulting firm Black & Veatch showed that many utilities are not planning on adopting computer security measures. And some respondents said they didn’t know if they’re companies have cybersecurity programs.
The responses illustrate a disconnect between many energy companies’ focus on physical safety and their knowledge of risks posed by increasingly automated systems that could be compromised.
“This level of automation helps drive efficiency, but it is important to recognize that each connected device also becomes a network access point subject to attack by hackers,” said a Black & Veatch report on the survey results.
The consulting firm surveyed 336 energy companies associated with the natural gas industry, including producers, pipeline companies and electric utilities. The survey found that most respondents believe natural gas prices will reach $4.50 to $5.99 per million British thermal units by 2020, up from the current futures price of about $3.62. A majority of survey respondents said they believed growing demand from electric power generation would be the main driver in raising natural gas prices.
On cybersecurity, one fourth of large utilities — those with more than 1 million customers — did not have a program in place, though some were in the process of developing a plan, according to the report. Of the small utilities surveyed — those with fewer than 100,000 customers — just a third had computer security programs in place, and 44 percent had no program and no plans to add one, the report said.
Sixteen percent of all respondents did not know if their utility company had security plans for their systems.
Hackers can pose serious risks to energy companies, with the potential to infect systems that could disrupt power supply or cause generation equipment to malfunction and even self-destruct. Although it would require sophisticated knowledge of a target facility, security experts warn that terrorist organizations or other nations could organize such an attack.
Malware offshore: Danger lurks where the chips fail
Attacks of lower sophistication could use malicious software to infect of critical equipment that could slow down or shut down.
Utilities without security systems also could be vulnerable to hackers attempting to steal valuable data, such as customer information or intellectual property.
Energy companies faced more cyberattacks last year than any other industry, according to the U.S. Department of Homeland Security. They continue to face higher frequencies of attacks than businesses in other sectors, according to data from security firms.