Security of the nation’s electric grid has received a lot of attention lately. National Geographic’s October 27th airing of “American Blackout,” a docudrama about a nationwide blackout following a cyber-attack may have been fiction, but the threat is real. Reports of high-profile hacking attempts on electrical facilities by parties foreign and domestic, mischievous and nefarious, keep making front-page news. In fact, according to the U.S. Department of Homeland Security, the energy sector was the target of more than 40 percent of all reported cyber attacks last year.
Illinois’ electric cooperatives are already taking cyber threats very seriously. They’ve formed an information technology (IT) working group and held meetings to share security issues and solutions. They’ve also worked closely with the University of Illinois’ (U of I) smart grid and cyber security engineers to perform cyber security audits. And they’ve consulted with the U of I, which is a partner with Dartmouth College, Cornell University, the University of California and Washington State University in a Department of Energy funded project called Trustworthy Cyber Infrastructure for the Power Grid.
Electric co-ops are being proactive about cyber security. However, co-op engineers and IT professionals realize this is an ever-evolving threat that requires continuous improvements to protect smart grid systems against new cyber threats.
In today’s heightened political landscape, some have suggested that onerous government mandates—as opposed to our existing system that provides flexibility to meet new threats—are necessary to protect the electric grid from cyber assaults. But it’s not certain more regulations will make us safer. Consider these points:
• Government mandates can’t keep pace with innovation. Utilities, like electric co-ops, are always deploying new technologies—and so are cyber criminals and terrorists. Top-down mandates, by their very nature, will only address known dangers; a command-and-control approach means we’ll always be fighting yesterday’s battle.
• “Gold plated” cyber security measures are not the answer. It’s possible to build a car that will survive any crash. But the cost of such a vehicle would be astronomical. Utilities need the latitude to balance risk and cost for the good of the consumer.
• Compliance is not a deterrent. For some, federal rules create a false sense of well-being. The reasoning goes like this: “If I’m following all of the cyber security regulations that apply to me, then my system must be secure.” However, bureaucracy can’t decree processes that address every contingency. And any complacency opens the door to a possible cyber strike.
Continuous vigilance, innovation and improvement are the key ingredients to cyber security. Fortunately, Co-op Nation has taken a lead role on this issue. In addition to thousands of hours spent by electric co-ops helping the North American Electric Reliability Corporation (NERC), the nation’s grid watchdog, write Critical Infrastructure Protection standards, NRECA’s Cooperative Research Network (CRN) has developed the Guide to Developing a Cyber Security and Risk Mitigation Plan. This document — touted by the U.S. Department of Energy as a prime example for other utilities to follow (and endorsed by the head of grid security at IBM) — provides a set of scalable, online tools that can help electric co-ops strengthen their cyber security posture. While no one suggests it will prevent every possible act of “cyber-sabotage,” any step at mitigation means a significant leap toward better cyber security. As a result, we’ve offered the guide and template to others in the electric utility industry free of charge.
The bottom line is that over the past few years, our electric grid has become more secure because of joint public-private partnerships, such as those involving NERC. Meanwhile, electric cooperatives are working diligently to understand, mitigate, and respond to cyber events while strengthening the relationships essential to electric system protection. To this end, NRECA has discussed co-op leadership and concerns surrounding this subject in testimony before Congress and meetings with President Obama and U.S. Energy Secretary Ernest Moniz.
The perils posed by cyber attacks are real. But thanks to cooperative research and development and standards fashioned by electric utilities under the current voluntary, collaborative NERC framework, we’ll be better armed to defend against this new cyber threat.