How to Prepare Your IT Organization to Survive a Major Power Grid Collapse

As temperatures rise and more power-hungry devices -- including electric vehicles -- come online, regional power grids are beginning to feel the strain. Earlier this year, the North American Electric Reliability Corp., a non-profit organization that oversees the dependability of North American power grids, warned that some areas are already facing risks of electricity supply shortfalls during periods of more extreme summer conditions.

The impact of a widespread power outage on an organization’s IT operations varies greatly, based primarily on how much they have invested in protecting themselves from this type of catastrophe, says Dale Penny, NetDevOps engineer at network infrastructure automation firm BackBox. “For organizations that don’t invest the time and effort needed to implement best practices for data management and service reliability, a power grid collapse could trigger significant data loss and corruption as well as disrupt critical services that their customers rely on.”

Potential Impact

A grid collapse would immediately halt power service over a wide area for hours or days. IT systems rely on electricity to process, exchange and store information, says Alexandre Parisot, ecosystem director, AI and Energy Systems, at Linux Foundation Energy. “Therefore, we can expect many systems to become unavailable, dysfunctional, or even experience the loss of valuable data,” he notes. A grid failure would also cripple the organization’s ability to cool its data center.

Related:2023 Cyber Risk and Resiliency Report: How CIOs Are Dueling Disaster in 2023

In offices, local-area networks would be immediately affected. Servers and centralized systems would remain available for only a limited amount of time, since even the best backup generators are usually designed to supply electricity for only up to a few hours. Meanwhile, the IT workforce, which usually has no problem dealing with service issues under normal conditions, would experience difficulty doing so in a large-scale event, due to their inability to connect to systems remotely or possibly even physically, Parisot says.

Preparation Steps

To minimize a grid failure’s operational impact to the greatest possible extent, IT organizations need to establish a strong business continuity plan. “They should invest in redundant power, regularly tested failover systems, training staff in emergency procedures, and using geo-redundant cloud services,” Penny advises. He also recommends migrating from traditional on-site data centers to public cloud services. “Leveraging multiple geographic zones will limit the impact of outages,” Penny says, noting that planning should involve the entire leadership team, including the CTO or CIO, IT managers, and DevOps and security teams.

Related:Does Your Disaster Recovery Plan Really Work?

Sourya Biswas, technical director, risk management and governance, at IT security consulting firm NCC Group, believes that the best way to prepare for a power grid collapse is to practice with simulated events. He suggests creating a business continuity plan (BCP) that incorporates regular testing. “Testing can range from a tabletop exercise that discusses the order of operations with stakeholders in a conference setting, to a full interruption test in which the connections are actually disrupted to evaluate the controls in the business continuity plan.”

Get Ready

Power grid threats aren’t new. Natural causes, such as solar storms, wildfires, and extreme weather conditions can quickly deactivate power grids, as demonstrated in Texas in 2021 and California and Arizona in 2011.

Meanwhile, the probability of intentional cyberattacks continues to grow, Biswas warns. He points to the fact that energy is the highest targeted US industry by cyber attackers. While enterprises are already familiar with cybercriminals stealing personal and financial information, most aren’t prepared to deal with state actors that target industries in an effort to cause widespread disruption. During the ongoing Russia-Ukraine conflict, there have been several reports of Russia trying to take down Ukraine’s power grid.

Related:How to Future-Proof Your IT Organization

Playing the Odds

The odds of a major grid collapse occurring increases every year. The events most likely to induce a power grid failure include weather-related incidents, non-weather-related natural disasters (such as wildfires, earthquakes, tsunamis, and even rare, yet potentially devastating, high-intensity solar storms). Additionally, Penny says, there are the threats posed by state-actors and random acts of terrorism. He points to the assault on two electrical substations in Moore County, North Carolina, in 2022 that left approximately 40,000 customers powerless for four days, as an example of power grid terrorism.

While the danger is real, IT leaders can take some solace in the fact that complete national or regional grid collapses are infrequent and unlikely in most parts of the world. “In the United States, the last event fitting the description was in August 2003,” Parisot says. “Prior to this, we have to go back to November 1965.” In both cases, events leading up to the failures were carefully examined to understand the root causes and strengthen the grid.