Print Page   |   Your Cart   |   Sign In   |   Become a member
Community Search
Organizational Resilience: A Call to Enhance Preparedness of the Grid
Share |

By Elton Parker, Matt Grossman and Sanjeet Deka

The Nation’s electrical grid is the lifeblood of American society and its economic well-being: each of the Department of Homeland Security’s 16 sectors of critical infrastructure, from communications to water systems, are almost wholly dependent upon the continued functionality of this complex and vulnerable network. The security of the grid and flow of electricity is threatened by an increasingly complex spectrum of disruptive events—including dated technological infrastructure, geopolitical tensions, a shifting regulatory landscape, natural disasters, insider threats, as well as technical and physical sabotage, among others. When this occurs, the effects ripple into the marketplace, classrooms, bedrooms and boardrooms.

Resilience can be defined as an organization’s ability to anticipate, prepare for, and respond and adapt to incremental change and sudden disruptions in order to survive and prosper. Organizational resilience can be achieved through the integration of incident management, crisis management, emergency management, disaster recovery, business continuity, and continuity of operations into a unified capability to:

  • minimize disruption through understanding the environment, anticipating incidents, and implementing controls to prevent / mitigate significant disruption;
  • respond to disruptive events by developing a clear command and control structure, a sound escalation framework, and a repeatable recovery plan; and
  • continuously improve the processes through the evaluation of actual disruptions and testing of the resilience processes.

Grid reliability and resilience has received increased scrutiny recently; particularly severe weather events of 2017 brought record devastation across Texas, Florida, and Puerto Rico. As electricity outages are disproportionately caused by distribution system disruptions, federal, state, and local government officials have been hamstrung in dealing with the frequency, duration, and extent of electrical power outages across communities.

And as our lives become progressively interconnected and dependent upon the ‘Internet of Things’ and technology, so too does the vulnerability of systems that depend on this ecosystem. A vast majority of critical infrastructure is run by information technology systems connected to the internet.

This vulnerability has been exploited by intelligence agencies in a number of high profile cases, perhaps most notable of which is the Stuxnet virus attack on a foreign nation’s supervisory control and data acquisition system; but systems in the United States are no less vulnerable. A recent report by University of Cambridge and Lloyd’s of London assessed the impacts of a major cyber-attack on the electric grid spanning from New York to Washington, DC. While unlikely, the probability of such an event is within the benchmark return period against which insurers must be resilient. Such an attack would leave about 93 million people without power, causing a rise in mortality rates, decline in trade, disruption of water supplies, and severe impairment of transportation networks, as well as a total impact to the US economy of $243 billion.

Thus, the challenge before executives who manage organizations comprising the national grid and supporting its vast infrastructure environment is to find new ways to adapt to fast changing conditions, identify potential threats to operations as early as possible and spot opportunities to strengthen its security and enhance its organizational resilience. 

One key element of industry-leading resilient enterprises is the employment of war gaming, modeling, and experiential learning as part of a rigorous testing, training, and exercise program.  By immersing a diverse group of stakeholders in a realistic crisis scenario, biases and assumptions can be challenged; existing plans and capabilities can be explored for gaps and vulnerabilities; and new and innovative ideas can be stress-tested without the expenditure of real-world capital. Progressive simulations and exercises over time can continually test and refine plans, while also identifying both structural and performance gaps. These efforts can yield increased confidence throughout the organization, particularly at the leadership level, to not only act decisively and quickly during a crisis, but also be more effective and efficient in its preparation before the crisis occurs.

As seen from this year’s disastrous hurricane season, the time to know how well an organization’s incident response, disaster recovery, and crisis management plans will stand up to the threats it will eventually face is not in the heat of the moment. To truly become resilient across the broadest range of possible disruptions, an organization should actively seek to challenge cognitive biases, stress test assumptions of existing plans and processes, and continually anticipate and look for indicators and warnings of the next disruption. To help accomplish these tasks, a key first step is to look inward and routinely ask two questions:

  • Are we as prepared as we think we are?
  • Are we as prepared as we need to be?

A viable resilience and risk management program is critical to maintain the basic operational functions of our national grid system.  To meet the challenges of the future, people, processes, and technology must all come together as one comprehensive effective resilience support team. 

Elton Parker (Specialist Leader), Matt Grossman (Specialist Master), and Sanjeet Deka (Senior Consultant) focus on risk, resilience and preparedness at Deloitte.

Return to The Current

Sign In


5/27/2018 » 6/27/2018
It's Election Time!

WCEE's Board of Directors June 2018 Meeting

WCEE's New Member Breakfast