"It's a surprise we haven't seen more attacks on public utilities..."

From smart thermostats to fitness trackers, companies are gathering a great deal of data.  Utilities leverage their data to serve customers and forecast grid operations.  Data allows companies to understand different demographics, anticipate trends, improve efficiency and reduce waste.  Data can be a powerful tool for companies but collecting it comes with its own set of challenges.  “Good data quality is a process and to achieve it, utilities and industry need to take advantage of best practices.  They should consider data as one of their primary assets,” explained David Kirkland, Solution & Innovation Director, Oracle Utilities EMEA.

If data becomes a primary asset for utilities, they need to protect it from attack.  “We have these companies that are amassing just gigantic amounts of data about each and every one of us, all day, every day,” said Kate Ruane, senior legislative counsel for the First Amendment and consumer privacy at the American Civil Liberties Union. However, as companies become more data-centric, the risk of data breaches increase.  T-Mobile recently suffered a data breach that affected at least 40 million people. Utilities are not immune to these threats.  In fact, Saryu Nayyar, CEO at cybersecurity firm Gurucul stated, "It's a bit of a surprise that we haven't seen more attacks on public utilities, but there is no question that more are coming.”  Earlier this year, Colorado's Delta-Montrose Electric Association (DMEA) was the target of a cyberattack that took down 90% of its internal systems and caused 25 years of historical data to be lost.  The power grid and fiber network were not targeted but the utility is still rebuilding its systems. In general, Gary Ang, director at Singaporean utility SP Group, said utility companies are struggling with data protection and security.  He continued, “It is hard to move to data-centric operations.”  Utilities are also giving more consideration to what information they share and with whom.  This month, utility giants have agreed to stop selling sensitive information to Immigration and Customs Enforcement (ICE).  On a consumer level, the United States currently doesn’t have a singular data privacy law.  Only three states have spelled out comprehensive consumer privacy laws; California, Colorado and Virginia.  Some are vying for federal data protection regulations to be enforced across the country. “We need a federal law that thinks about things in a much more consistent approach to make sure that consumers understand and have the right expectation over rights that they have in their data,” said Whitney Merrill, a privacy attorney and data protection officer.

Cyberattacks have made data privacy and security a priority.  We can expect to see government agencies and utility companies expediting privacy and data management.  Every time data is collected and then sold or shared with a third party, the risk of a breach increases. How will your utility protect company and consumer data from attack?  Should we expect to see more federal regulations on how data is managed?