Cyber Security – A Growing Priority for the Electric Grid
Cyber Security Requires a Change in Strategy
Electric Grid
With the electric industry trend toward implementing Smart Grid and AMI, the definition of electric grid security has broadened from guarding against weather-related outages to protecting against the possibility of cyber attacks. The challenge is even more pronounced as the nature of the threats is likely to evolve as the sophistication of these cyber adversaries increases.
The Energy Policy Act of 2005 addresses the means to deal with routine, non-emergency cyber security issues by applying a stakeholder process with the North American Electric Reliability Corporation (NERC) and ultimately the Federal Energy Regulatory Commission (FERC) to develop legally binding and enforceable reliability standards. Though comprehensive, this process does not lend itself to the immediacy that can characterize a national security emergency. Rather, a more proactive strategy and process is called for to:
- Identify specific threats that are deemed serious enough to warrant a special federal order to protect the bulk power system.
- In concert with the issuance of this order, ensure that only one federal agency is assigned responsibility to address the threat (i.e. avoid confusion).
- Limit this type of action to the bulk power system only (refer to Section 215 of the Federal Power Act), as the diversity of assets, utilities, and conditions among the electric distribution systems would significantly complicate the writing of orders, offsetting any benefit of this proactive approach.
- Further, limit the scope of these actions to cyber threats only (as compared to physical threats) as physical threats can more appropriately be handled by existing law enforcement agencies.
- Last, place a time limit on any emergency order (perhaps 90 days), and allow for the normal NERC processes to establish standards to address this and future similar threats.
Coordination and Tighter Standards are Necessary
Other measures outside those dealing with the legislative approach are required to protect the electric grid against cyber attacks. These include:
- The electric utilities (and their affiliates) will need to continue to work closely with the governmental agencies (FBI, Department of Homeland Security, DOE, DNI and FERC) to ensure coordination and an optimum exchange of intelligence.
- Equipment vendors will need to be vigilant regarding security practices and the building of security-related features in the products.
- The initiatives underway at the National Institute of Standards and Technology to establish the framework for a secure and interoperable smart grid will need to continue, and act as a lead in to a security certification program to test and certify that components and systems meet specific security requirements.
Cyber Security Tied to Realization of Smart Grid Benefits
There is no question that Smart Grid will be a catalyst for transforming the manner in which electricity is transmitted, distributed, and used. The benefits favor both the electric utilities and their customers. Proper cyber safeguards are will be an integral part of Smart Grid to realize the full potential of these benefits.
Blog this!- Bookmark on Delicious
- Digg this post
- Recommend on Facebook
- Share on FriendFeed
- Buzz it up
- Share on Linkedin
- Share via MySpace
- Share on Orkut
- share via Reddit
- Share this on sphinn
- Share with Stumblers
- Tumblr it
- Tweet about it
- Buzz it up
- Subscribe to the comments on this post
- Print for later
- Bookmark in Browser
- Tell a friend
Leave a Reply 
