Noting that experts generally agree the risk of a large-scale cyber attack on America’s electricity transmission grid “is significant and must be addressed,” a new report by the Bipartisan Policy Center (BPC)’s Electric Grid Cybersecurity Initiative recommends that government and industry work together to put strong protections in place. This week, Department of Energy (DOE) Secretary Moniz underscored the need to make more progress on this issue by boosting funding in DOE’s proposed budget for cybersecurity work.
Although I usually focus on the role the Federal Energy Regulatory Commission (FERC) can play in the transformation to a low-carbon future and clean energy economy, I think it’s worth stepping away from my standard fare to highlight the critical importance of cybersecurity, since we cannot achieve a clean and resilient grid without addressing the cyber threat head on.
First, what is a cyber attack?
I don’t think you’d be surprised by the definition of a cyber attack. The BPC Report released last week defines a cyber attack on the transmission grid as an attempt by any of a “variety of malicious actors” (for example, terrorist organizations, external hackers, foreign nations) to disrupt grid operations, damage infrastructure, or steal information via grid systems. The BPC reports the FBI’s view that cyber attacks are eclipsing terrorism as the primary threat facing the United States.
Electric grid regulators like FERC, NERC and the states already have subjected transmission grid owners to strong reliability protections to address unexpected increases in customer demand for electricity, unexpected generation and transmission line outages and, increasingly, to ensure resilience in the face of bad weather. However, a cyber attack represents an entirely different threat to grid reliability; it’s unpredictable in a number of different ways, and it could create massive power disruptions across widespread areas of the country. In short, existing reliability protections probably aren’t sufficient defense against a well-executed cyber attack.
How does the U.S. protect against a cyber attack?
The emerging cyber threat has grid owners, regulators, and policymakers working hard to come up with wise protections that can be implemented quickly. The BPC Initiative put together an expert group to assess this threat, including co-chairs General (Ret.) Michael Hayden, former director of the CIA; Curt Hebert, former FERC chairman; and Susan Tierney, former Department of Energy assistant secretary and Massachusetts regulator. They make several recommendations to strengthen the grid and increase potential attack preparedness, including the development of:
- public-private partnerships to improve information flow between government and industry;
- innovative incentives, such as the use of insurance markets, to improve cybersecurity;
- better tools to help utility economic regulators better evaluate the value of cybersecurity investments; and
- clarity on the government chain of command in the event of an attack.
How does cyber security relate to a clean, low-carbon grid?
Climate change and cyber threats pose potentially dire risks to national security. Modernizing and creating a clean, low-carbon grid go hand in hand, and must be accomplished in a way that increases protection of our grid against cyber threats. The installation of smart grid hardware and software is a key requirement for both “de-carbonizing” and modernization. The technology will allow grid operators access to data about their systems that will increase efficiency and resiliency and increase the role of rooftop solar panels, electric vehicles, appliances and other distributed (on-site) generation. Higher grid efficiencies will mean less need to keep marginal fossil-fueled generation online and more ways to take advantage of clean, cheap renewable power like wind and solar. The technology will strengthen grid reliability – making it more robust in the face of severe weather and more resilient in response.
However, the BPC report recognizes that intelligent grid systems add a layer of complexity that may contribute to grid vulnerability in the face of cyber attacks. Recognizing the need to protect against cyber threats when integrating smart grid technology broadly will ensure exposure is kept to a minimum.
BPC’s bipartisan thinking has informed the intersection of environmental and reliability policy for several years now. I served as a co-chair of the BPC’s previous electric grid initiative, which produced a set of policy recommendations to achieve a clean-energy future while maintaining grid reliability. Together with last week’s report on cybersecurity, the BPC has produced an excellent roadmap for getting to the grid future we would like to see. DOE Secretary Moniz is probably not the only person in Washington who will be interested in reading the BPC’s work.