4 min read

Cyber Risk Quantification and Management for Electric Transmission & Distribution Systems

Featured Image



Without the electrical grid, life as we know it simply grinds to a halt. In this digital world, pretty much nothing works without electricity. It is the backbone of our civilization. Which makes it crucial to protect and defend our electrical grid from cyber digital threats.

Graphic illustration showing how the electricity grid works

Source: US Government Accountability Office -GAO-

Why are Transmission and Distribution (T&D) systems targeted? Electrical system facilities are, and will increasingly become, the target of cyber-attacks from different actors: nation-state sponsored actors that attack these systems with the aim of harming a rival or troublesome country such us the case of the cyber-attack in Estonia in 2007, initial phases of a military operation as seen in Georgia in 2008 and in Ukraine in 2014 and 2022, cybercriminal groups in Korea Hydro and Nuclear Power in 2014  or activists (Anonymous).

This is due to several reasons: electricity is used for practically all the productive sectors of a country, as well as for many of its infrastructures. Including critical infrastructures like Chemical, Commercial Facilities, Communications, Critical Manufacturing, Dams, Defense Industrial Base, Emergency Services, Energy, Financial Services, Food and Agriculture, Government Facilities, Healthcare and Public Health, Information Technology, Nuclear Reactors, Materials and Waste, Transportation Systems, and Water and Wastewater Systems.

Critical Infrastructure

Source: US Cybersecurity & Infrastructure Security Agency -CISA-

In other words, by attacking the electric transmission and/or distribution network, the entire social chain is weakened, both in terms of security, health, production and welfare of a country or region. It is therefore a very attractive target for both damage and economic gain, whether direct or indirect. It can be the target of very sophisticated and dedicated attacks, as well as very common random ones, such as a ransomware that would disable the control and protection systems of one or several substations, potentially causing a cascading event with catastrophic ramifications.

The T&D environment, unlike other industrial environments, is an environment of a very conservative, resilient and stable nature, where, above all else, the supply of electricity must not be interrupted at any time.

Historical shortcomings of power system control and protection systems.  The nature of the T&D sector avoids, whenever possible, any change in the installations that could lead to a shutdown and affect the continuity of the system. Added factors of complexity include the fact that any change is a long and costly process, the number of facilities or equipment to which any change should be applied, or in more drastic cases, having to change the equipment itself. It can easily reach the multiple thousands.

Also, the arrival of communications and interconnections in industrial installations, as understood in IT, with all the implicit advantages of remote control and maintenance, as well as monitoring and the consequent economic savings, mean that electric system control systems are exposed to all kinds of previously unimaginable attacks. The surface of attack has grown exponentially.

What risks can be found in the control and protection systems of electric systems? The control and protection systems, so suitable when they were air-gapped closed systems, are now exposed when applying IT technologies to them. They have never been as exposed to cyber-attacks as they are now, and they will be more and more exposed in the future. These control systems are largely dedicated systems, in some cases many years old and, and if they could be updated (many would not even allow it), it would require a titanic effort on the part of the teams of the electric companies that manage them. Therefore, we are faced with cyber-weak equipment, which has, among other things:

  • Operating system update problems, dragging all the vulnerabilities discovered in the system on which they were based.
  • Weaknesses in the developed code, with bugs and vulnerabilities of libraries used at the time of installation.
  • User management problems, since previously the only user was the technician who was in the plant and did not require identification as such.
  • Problems in communications, since the communications of these control systems are, in the best of cases, totally unprotected communications, if not practically primitive.

In addition, we must think that there are hundreds or thousands of these equipment installed in a wide geography and that their renewal/replacement, even having the means at hand, human and capital, (which many times are not available) is a titanic task and requires a long time planning to avoid affecting the system as far as possible. WE are talking about many years, not many months.

Add on top of that the variability of facilities that can be found in size, type, technology, function, age and criticality. And some fixed factors such as network topology, voltage level, criticality of the installation, etc. and other variables such as load flows and you can imagine the staggering size of the problem.

Due to all this, OT cybersecurity in T&D facilities has become a must, forcing to rethink the systems from a cybersecurity prism, and thinking that they are going to be attacked. It is not about if, but about when.

Which leaves us with the million-dollar questions: How much cyber risk do I carry in my electrical T&D Company’s Balance Sheet? What should I do first to mitigate my cyber risk being efficient in the use of my human and capital resources? How can I measure the efficacy of my cybersecurity programs? The answer is DeRISK.

The answer lies in the utilization of Cyber Risk Quantification and Management Platforms like DeRISK to  apply security to the new era of smart T&D grids.


DeNexus' DeRISK Cyber Risk Quantification and Management CRQM platform performs quantification and management of cyber risks for industrial organizations in T&D facilities combining data entered from standards such as NIST CSF,  ISO 27001, and DNX CSF (DeNexus' proprietary Cyber Security Framework), with Inside-Out Data seamlessly integrated from various passive and active monitoring solutions, and Outside-in Threat  Intelligence and Firmographics data about the facility, its owner and its operator(s).


Using technologies such as AI, ML, and Probabilistic Inference with operational metrics specific to T&D assets, the integrated data safely store in the DeNexus Trusted Ecosystem powers DeRISK delivering an enriched understanding of the overall risk profile. It enables decisions to be made from the convergence of cyber business metrics, substation Operational Technology and Cybersecurity, so that T&D organizations can holistically address the threats facing them from a technical and business standpoint, bridging internal silos and communication challenges.

Thanks to the Inside-Out Data, DeRISK identifies and quantifies the cyber risk associated with each substation in a T&D system, including the criticality of each substation and the potential cascade effect of each of them to the rest of the electric system, affected areas or zones, so that the potential impact in certain areas or zones can be captured in a faithful way.

When it comes to cyber risk accumulation, DeRISK analyzes the co-exposure of the different substations to the same one, as well as the interaction between them, capturing the cyber risk accumulation at the portfolio level in a holistic and comprehensive way.

By synthesizing all of this data, DeRISK translates multifaceted insights into quantifiable business impact, thus allowing for well-informed, strategic decision-making facilitated by DeRISK Cyber Project Simulator that aligns with both organizational goals and risk tolerance. This holistic approach provides an enhanced security posture that meets the high standards of multiple leading industry guidelines.



DeNexus understands the trajectory of smart Electric Transmission and Distribution grids, and the growing intricacies it brings. By marrying Cybersecurity Risk Quantification and Management CRQM with the operational nuances of the Electric Transmission and Distribution sector, DeRISK stands as a testament to the future of secure, efficient, and resilient Electric Transmission and Distribution in the age of digital transformation.



Click Here to read more about the DeNexus Knowledge Center and the DeNexus Trusted EcoSystem.

Click Here to learn more about DeRISK, a comprehensive Cyber Risk Quantification and Management platform!


See the Dashboard and Access The DeRISK Platform! 


DeNexus Partners with Claroty to Mitigate Operational Technology (OT) Risk in the Critical Infrastructure Industry

Strategic partnership and native integration will allow users to

more simply and comprehensively quantify and manage OT risk

Read More

DeNexus Accelerates Momentum with Strategic Investments from Leading Energy and Insurance Companies

Investments to Fast-Track Company Mission to Establish the Global Standard for Industrial Cyber Risk Quantification

Read More

DeNexus Expands Cyber Risk Management Solution to Manufacturing and Energy T&D

DeRISK empowers companies to regain control over their cyber risk

Read More