Analysis
Utilities: Energy & Power, Water, Waste

How States Can Protect the National Electric Grid

November 20, 2019
National Electric Grid

A new report reveals how states can bolster the cybersecurity of the national electric grid. This week, Vermont Law School’s Institute for Energy and the Environment released Phase 2 of a study done in partnership with non-profit grid advocacy group Protect Our Power. The report identifies how states and state utility commissions can use existing tools to better secure distribution systems and prevent massive disruption.

According to the report the utility industry has expressed concerns that current information sharing practices are hampering their ability to respond to emerging cybersecurity threats. As part of the study, IEE looked at state statutes, regulations and utility commission orders from more than two dozen states, including California, Florida, Iowa, Michigan, New York and Pennsylvania, in an effort to examine how the need for more information sharing competes against the need for enhanced information security.

“The complex nature of each of the issues means that simple solutions are not going to work,” the report states. “What will work are tools that help information move between utilities and regulators, incentivize investment while protecting the public interest, assess system performance and system needs, and ensure that cybersecurity is a fundamental objective of grid modernization plans.”

Information sharing is valuable to system operators and systems regulators, however it can also be used by hackers to infiltrate the very systems utilities are trying to protect. Keeping this information secure is vital, but according to the report, state disclosure laws can impact efforts to keep information confidential.

[optin-monster-shortcode id=”dv4jqlr9fih8giagcylw”]

IEE’s Phase 2 report identifies state-level barriers currently preventing secure information sharing that could allow for grid security enhancements. It also supplies statutory and regulatory approaches states can take to facilitate the sharing of confidential security information. The report also provides insight on how organizations can better assess utility security practices, incentivize cybersecurity investments and evaluate system performance.

“Action is needed to reduce the impact of a major cyberattack on the nation’s distribution grid, and this report provides concrete steps towards ensuring a more resilient grid,” said Mark James, project lead and adjunct professor at Vermont Law School. “Our research identifies pathways for utilities and utilities commissions to reduce existing barriers to investment and increase system resilience.”

IEE’s findings suggest that cybersecurity reports, smart electric grid reports and management and operations audits can reduce the “information asymmetry” that exists between utilities and their regulators. The report also indicates that resiliency metrics are a critical tool for assessing cyber preparedness and suggests that state commissions can draw on the historic deployment of reliability metrics to develop their resiliency metrics programs.

“This work highlights how states and their regulators, along with industry, are beginning to meet the challenges for protection of our critical infrastructure. Our prior works on these issues brought focus to how difficult these issues can be for industry and regulators to encourage the investments while keeping in mind the benefits but costs to customers,” Richard Mroz, Protect Our Power senior advisor for state and government relations, former president of the New Jersey Board of Public Utilities and former chairman of the National Association of Regulatory Utility Commissioners’ Critical Infrastructure Committee, said in a press release.

Rebecca Addison
Industrial Cyber Editor. Rebecca Addison is a former newspaper editor with a decade of experience in the media industry. During her career, she has interviewed world leaders and corporate CEOs, and covered topics ranging from blockchain and CBD to healthcare and education.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
Kaspersky ICS CERT reports on escalating consequences of cyber attacks on industrial organizations
E-ISAC releases report on GridEx VII exercise, highlighting recommendations for grid security and resilience
E-ISAC releases report on GridEx VII exercise, highlighting recommendations for grid security and resilience
DOE must remain lead cybersecurity agency for energy sector, Energy and Commerce Committee indicates
DOE allocates $15 million to establish university-based electric power cybersecurity centers
Vulnerability handling according to the European Cyber Resilience Act (CRA)
Vulnerability handling according to the European Cyber Resilience Act (CRA)
EclecticIQ details Operation FlightNight targeting Indian government entities, energy sector
EclecticIQ details Operation FlightNight targeting Indian government entities, energy sector
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
US White House and EPA warn governors of cyberattacks on water systems, call for enhanced security measures
Comprehensive Guide to Integrated Operations 1
Comprehensive Guide to Integrated Operations (Part 4)
Comprehensive Guide to Integrated Operations 1
Comprehensive Guide to Integrated Operations (Part 3)