HOME

TheInfoList



OR:

Electric grid security in the US refer to the activities that utilities, regulators, and other stakeholders play in securing the national electricity grid. The American electrical grid is going through one of the largest changes in its history, which is the move to smart grid technology. The smart grid allows energy customers and energy providers to more efficiently manage and generate electricity. Similar to other new technologies, the smart grid also introduces new concerns about security. Utility owners and operators (whether investor-owned, municipal, or cooperative) typically are responsible for implementing system improvements with regards to cybersecurity. Executives in the utilities industry are beginning to recognize the business impact of cybersecurity. The electric utility industry in the U.S. leads a number of initiatives to help protect the national electric grid from threats. The industry partners with the federal government, particularly the
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...
, the
North American Electric Reliability Corporation The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the North American Electric Reliability Council (also known as NERC). The original ...
, and federal intelligence and law enforcement agencies. Electric grids can be targets of military or terrorist activity. When American military leaders created their first air war plan against the Axis in 1941, Germany's electric grid was at the top of the target list.


Issue overview

The North American electrical power grid is a highly connected system. The ongoing modernization of the grid is generally referred to as the "
smart grid A smart grid is an electrical grid which includes a variety of operation and energy measures including: *Advanced metering infrastructure (of which smart meters are a generic name for any utility side device even if it is more capable e.g. a f ...
". Reliability and efficiency are two key drivers of the development of the smart grid. Another example is the ability for the electrical system to incorporate renewable energy sources such as wind power and geothermal power. One of the key issues for electric grid security is that these ongoing improvements and modernizations have created more risk to the system. As an example, one risk specifically comes from the integration of digital communications and computer infrastructure with the existing physical infrastructure of the power grid. According to the academic journal ''IEEE Security & Privacy Magazine'', "The smart grid . . . uses intelligent transmission and distribution networks to deliver electricity. This approach aims to improve the electric system's reliability, security, and efficiency through two-way communication of consumption data and dynamic optimization of electric-system operations, maintenance, and planning."


Government oversight

In the U.S., the
Federal Energy Regulatory Commission The Federal Energy Regulatory Commission (FERC) is the United States federal agency that regulates the transmission and wholesale sale of electricity and natural gas in interstate commerce and regulates the transportation of oil by pipeline in ...
(FERC) is in charge of the cybersecurity standards for the bulk power system. The system includes systems necessary for operating the interconnected grid.
Investor-owned utilities Investor-owned utilities (IOUs) are private enterprises acting as public utilities A public utility company (usually just utility) is an organization that maintains the infrastructure for a public service (often also providing a service usin ...
operate under a different authority, state public utility commissions. This falls outside of FERC's jurisdiction.


Cybersecurity

In 2016, members of the Russian hacker organization "Grizzly Steppe" infiltrated the computer system of a Vermont utility company, Burlington Electric, exposing the vulnerability of the nation's electric grid to attacks. The hackers did not disrupt the state's electric grid, however. Burlington Electric discovered malware code in a computer system that was not connected to the grid. As of 2018, two evolutions are taking place in the power economic sector. These evolutions could make it harder for utilities to defend from a cyber threat. First, hackers have become more sophisticated in their attempts to disrupt electric grids. "Attacks are more targeted, including spear phishing efforts aimed at individuals, and are shifting from corporate networks to include industrial control systems." Second, the grid is becoming more and more distributed and connected. The growing "
Internet of Things The Internet of things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability, software and other technologies that connect and exchange data with other devices and systems over the Internet or other com ...
" world could make it so that every device could be a potential vulnerability.


Terrorist attack risk

As of 2006, over 200,000 miles of transmission lines that are 230 kV or higher existed in the United States. The main problem is that it is impossible to secure the whole system from terrorist attacks. The scenario of such a terrorist attack, however, would be minimal because it would only disrupt a small portion of the overall grid. For example, an attack that destroys a regional transmission tower would only have a temporary impact. The modern-day electric grid system is capable of restoring equipment that is damaged by natural disasters such as tornadoes, hurricanes, ice storms, and earthquakes in a generally short period of time. This is due to the resiliency of the national grid to such events. "It would be difficult for even a well-organized large group of terrorists to cause the physical damage of a small- to moderate-scale tornado."


Potential solutions

Today the utility industry is advancing cybersecurity with a series of initiatives. They are partnering with federal agencies. The goal is to improve sector-wide resilience to both physical and cyber threats. The industry is also working with
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...
, the
North American Electric Reliability Corporation The North American Electric Reliability Corporation (NERC) is a nonprofit corporation based in Atlanta, Georgia, and formed on March 28, 2006, as the successor to the North American Electric Reliability Council (also known as NERC). The original ...
, and federal intelligence and law enforcement agencies. In 2017, electric companies spent $57.2 billion on grid security. In September 2018, Brien Sheahan, chairman and CEO of the Illinois Commerce Commission and a member of the U.S. Department of Energy (DOE) Nuclear Energy Advisory Committee, and
Robert Powelson Robert F. Powelson is an American nonprofit executive and former government official who currently serves as president and CEO of the National Association of Water Companies. He was a member of the Federal Energy Regulatory Commission from 2017 ...
, a former
Federal Energy Regulatory Commission The Federal Energy Regulatory Commission (FERC) is the United States federal agency that regulates the transmission and wholesale sale of electricity and natural gas in interstate commerce and regulates the transportation of oil by pipeline in ...
(FERC) commissioner, wrote in a published piece in ''Utility Dive'' that cyberthreats to the national power system require stronger national standards and more collaboration between levels of government. Recent to their article, the
U.S. Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior or home ministries of other countries. Its stated missions involve anti-terr ...
confirmed that Russian
hacker A hacker is a person skilled in information technology who uses their technical knowledge to achieve a goal or overcome an obstacle, within a computerized system by non-standard means. Though the term ''hacker'' has become associated in popu ...
s targeted the control room's of American
public utilities A public utility company (usually just utility) is an organization that maintains the infrastructure for a public service (often also providing a service using that infrastructure). Public utilities are subject to forms of public control and ...
. The electric distribution system has become more and more networked together and interconnected. Critical public services depend on the system: water delivery, financial institutions, hospitals, and public safety. To prevent disruption to the network, Sheahan and Powelson recommended national standards and collaboration between federal and state energy regulators. Some utility companies have cybersecurity-specific practices or teams.
Baltimore Gas and Electric Baltimore Gas and Electric Company (BGE) is a subsidiary of the Exelon Corporation and Maryland’s largest gas and electric utility. BGE earlier had created the holding company Constellation Energy in 1999. Constellation Energy was acquired ...
conducts regular drills with its employees. It also shares cyber-threat related information with industry and government partners.
Duke Energy Duke Energy Corporation is an American electric power and natural gas holding company headquartered in Charlotte, North Carolina. Overview Based in Charlotte, North Carolina, Duke Energy owns 58,200 megawatts of base-load and peak generation in ...
put together a corporate incident response team that is devoted to cybersecurity 24 hours a day. The unit works closely with government emergency management and law enforcement. Some states have cybersecurity procedures and practices: * New Jersey: Utilities are required to put together comprehensive cybersecurity plans. * Pennsylvania: Utilities must keep physical and cybersecurity, emergency response and business continuity plans. They also have to report severe cyberattacks. * Texas: The state's public utility commission conducts annual security audits. In December 2018, U.S. Senators
Cory Gardner Cory Scott Gardner (born August 22, 1974) is an American attorney, lobbyist, and politician who served as a United States senator from Colorado from 2015 to 2021. A Republican, he was the U.S. representative for Colorado's 4th congressional dis ...
and
Michael Bennet Michael Farrand Bennet (born November 28, 1964) is an American attorney, businessman, and politician serving as the senior United States senator from Colorado, a seat he has held since 2009. A member of the Democratic Party, he was appointed ...
introduced legislation intended to improve grid security nation-wide. The bills would create a $90 million fund that would be distributed to states to develop energy security plans. The legislation would also require the U.S. Energy Department to identify any vulnerabilities to cyberattacks in the nation's electrical power grid. In March 2019,
Donald Trump Donald John Trump (born June 14, 1946) is an American politician, media personality, and businessman who served as the 45th president of the United States from 2017 to 2021. Trump graduated from the Wharton School of the University of P ...
issued an executive order that directed federal agencies to prepare for attacks involving an
electromagnetic pulse An electromagnetic pulse (EMP), also a transient electromagnetic disturbance (TED), is a brief burst of electromagnetic energy. Depending upon the source, the origin of an EMP can be natural or artificial, and can occur as an electromagnetic f ...
. In May 2020, he issued an executive order that bans the use of grid equipment manufactured by a foreign adversary.


Electricity Subsector Coordinating Council

The Electricity Subsector Coordinating Council (ESCC) is the main liaison organization between the federal government and the electric power industry. Its mission is to coordinate efforts to prepare for, and respond to, national-level disasters or threats to critical infrastructure. The ESCC is composed of electric company CEOs and trade association leaders from all segments of the industry. Its federal government counterparts include senior administration officials from the White House, relevant cabinet agencies, federal law enforcement, and national security organizations.
/ref>


See also

* Smart grids by country


References

{{Reflist


Further reading

*Campbell, Richard J.
Electric Grid Cybersecurity
"
Congressional Research Service The Congressional Research Service (CRS) is a public policy research institute of the United States Congress. Operating within the Library of Congress, it works primarily and directly for members of Congress and their committees and staff on a ...
. 2018-09-04. *Katz, Jeff.
10 Grid Security Considerations for Utilities
" SecurityIntelligence. 2016-11-10.
Framework for Improving Critical Infrastructure Cybersecurity
"
National Institute of Standards and Technology The National Institute of Standards and Technology (NIST) is an agency of the United States Department of Commerce whose mission is to promote American innovation and industrial competitiveness. NIST's activities are organized into physical s ...
. 2014-02-12. *Gheorghiu, Iulia.
What are utilities doing about the growing need for grid security?
''UtilityDIVE''. 2018-05-22.
Growing cyber threats demand comprehensive grid security
" IBM. Public utilities Computer security Electric power