By Amy Thomas, Government Relations Director, American Public Power Association
Cybersecurity has dominated the news lately — alleged Russian interference in the 2016 Presidential election, WikiLeaks, massive retail data breaches… the list goes on.
Public power and all electric utilities take very seriously their responsibility to maintain a strong electric grid. As the grid evolves, unfortunately, so do threats to its integrity. The threat of cyber attacks is relatively new compared to long-known physical threats, but an attack with operational consequences could occur and cause disruptions in the flow of power if malicious actors were able to hack the systems that control and connect to our nation’s electricity infrastructure at any level.
Here are five things you probably didn’t know about cybersecurity and the electricity industry:
- The electric utility sector is the only critical infrastructure sector (besides nuclear power plants, which are a part of the overall sector) that has mandatory and enforceable standards in place for cybersecurity. These standards were established by Congress via the Energy Policy Act of 2005.
- The regularly updated, highly technical cybersecurity standards that govern electric utilities are drafted by the North American Energy Reliability Corporation, approved by the Federal Energy Regulatory Commission, and enforced by fines of up to $1 million per day per infraction.
- The process for crafting cybersecurity standards for utilities has provided, and continues to provide, a solid foundation for strengthening the industry’s security posture and allowed standards to evolve with constantly changing threats.
- Standards alone are not enough to protect the grid. That’s why the American Public Power Association and our member utilities have worked to develop close partnerships with others in the industry and the federal government. We share threat information to prepare for and respond to cyber attacks.
- The Association recently signed a three-year cooperative agreement with the Department of Energy for up to $7.5 million to help public power utilities better understand and implement cybersecurity protections, resiliency, and advanced control concepts.
Public power believes the current regulations and standards established by Congress in 2005 provide a solid foundation for strengthening the industry’s security posture. These standards are dynamic as they evolve with input from subject matter experts from across industry and government.
The electricity industry realizes that it cannot possibly protect all assets from all threats at all times. Instead, the goal must be to manage risk, prioritize facilities and equipment, and develop contingency plans. Close coordination among industry and government partners at all levels is essential to deter attacks and prepare for emergency situations — the Association will continue to invest considerable resources into this effort.