Turning risk into results: Americas power & utilities snapshot
Utilities need to determine how they will mitigate the risk and to what acceptable level of exposure.
Today, utilities need to shift to a more sophisticated assessment and articulation of risk.
Risk mitigation opportunities may include the following:
- Shifting from a compliance culture to a risk culture
Given the age of infrastructure and a number of recent well-publicized pipeline failures, it is not surprising that critical asset risk has senior management and board attention.
In the past, utilities largely used a qualitative prioritization process to make replacement decisions. These decisions were largely determined based on prescriptive regulatory compliance and rate case approvals.
Today, utilities need to make risk-informed decisions that are coordinated with regulatory recovery. Utilities should also consider alternative mitigation activities that are supported by modeling analytics.
- Data integrity in reporting to regulators
It takes many years and repeated, consistent performance to develop the trust relationship with a regulator. One mistake could lose that trust.
Utilities are often challenged to effectively respond to a regulator because of the number of people and systems involved, as well as the sheer volume of data. This is further complicated when dealing with multiple jurisdictions and the associated cost allocation challenges that need to be resolved.
- Capital project management
To achieve the goals of cost containment and certainty, utilities must have established processes and controls to forecast, manage and track performance. They also need to have effective governance and oversight protocols in place to confirm compliance and performance against stated goals.
- Identifying, evaluating and responding to emerging risks
Understanding the effect of rapid or extreme impact events can assist in avoiding, surviving or even exploiting unexpected events.
Environmental scanning uses a set of directed, integrated tactics across the utility to continually seek out, analyze and disseminate critical information that impact key areas of business and operations. It enables companies to anticipate, prepare for and capitalize on a range of external forces that change the business landscape with ever greater speed and disruption.
- Responding to the new security threats
The industrial control systems that provide automation for critical infrastructure have recently come under increased scrutiny, and the need to protect current infrastructure, as well as integrate security into new system design, is now a top priority.
Penetration testing has become the latest trend in the industrial control system space. However, the cultural and technological differences between control systems and traditional IT systems have caused confusion around how to perform a penetration test safely and effectively.