via The Hill
As utilities across the country progressively interconnect generating resources and upgrade transmission and distribution systems, they increasingly rely on highly automated digital controls and digital communications to control the flow of electricity. While this modernization of the grid is helping to make power more affordable and create new products and services for electric customers, it also introduces new security concerns. A newer, smarter grid includes devices and connections that create avenues for intrusion, malicious attacks and other threats.
Designing and operating an electric system that prevents cybersecurity events from having a catastrophic impact on the grid is the challenge we must address. Members of the Senate Committee on Energy and Natural Resources have tried to do just that by voting unanimously on May 26 to approve a bill (S.1342, the Grid Cyber Security Act) that addresses cybersecurity of the nation’s critical electric infrastructure.
What is the most urgent challenge facing the electric power sector today? Ask four experts and you may hear five different answers. Many of these answers focus on long-term challenges and undertakings: building a smarter grid, integrating renewable generation or increasing customer choice in how they use their electricity.
All these long-term initiatives, though, require a national electric grid that is reliable and secure. The electric grid serves more than 143 million American customers and has to operate without interruption every moment of every day to transfer electricity affordably across the nation. It also is a key foundation of our national security. Department of Defense installations rely on commercial power for nearly 99 percent of their power needs. Because our grid is highly interconnected, a line outage or system problem in one region can adversely affect system reliability in other regions.
The Grid Cyber Security Act takes two significant steps, building on the existing legal framework for addressing grid reliability. First, it grants the secretary of energy the authority to order utilities to take actions to protect critical electric infrastructure against imminent cybersecurity threats. This fills a massive security gap, as no federal official has authority to act in such instances. This provision is broadly supported by the utility industry and the North American Electric Reliability Corporation, the entity charged under current law with developing standards for grid reliability.
Second, the bill provides that the Federal Energy Regulatory Commission and the NAERC will cooperate in addressing weaknesses that may expose electric infrastructure to cybersecurity threats. It is structured to preserve the established roles of industry and government in addressing cybersecurity vulnerabilities. Both roles are significant, given the level of private ownership of the grid and sophisticated and ever-evolving threat environment.