Home News Urgent need to support prompt cost recovery for cybersecurity investments in electric...

Urgent need to support prompt cost recovery for cybersecurity investments in electric grid: Study

441
0
SHARE
Internet of Things
SHARE

PRNewswire: Cost recovery for electric sector cybersecurity investments is a critical component in ensuring that utility companies make key investments to protect the U.S. electric grid from cyberattacks, according to a new study.

The study, conducted by the Vermont Law School’s Institute for Energy and the Environment (IEE) for the non-profit group Protect Our Power, also concludes:

  • Many systems have not invested sufficiently in cybersecurity;
  • There is a lack of uniformity of regulatory oversight;
  • Improved sharing of confidential information on utility security practices between utilities and regulators is needed, and
  • Resilience metrics are needed to strengthen the electric distribution grid against cyberattacks.

The report, “Improving the Cybersecurity of the Electric Distribution Grid,” identifies the status of efforts and ongoing challenges to addressing the growing risk of a cyberattack on the electric grid. It also presents best practices that state electric utility commissions and their regulated utilities can use to increase investments to enhance grid security. It includes case studies of actions taken in California, Connecticut, Florida, Michigan, New York and other states to enhance cybersecurity.

The report comes amid another wave of warnings from the U.S. intelligence and defense communities that threats to critical infrastructure, and especially to the electric grid, grow more serious. Russia, for example, is known to have hacked into power plant industrial control systems and, according to the Worldwide Threat Assessment of the U.S. Intelligence Community, “Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.”

The study, conducted by IEE researchers over the past eight months, identifies several key areas where action is needed, including:

  • Improving protections for confidential information shared between utilities and regulators regarding vulnerabilities and plans to address them;
  • Improving the frequency and quality of utility commission engagement with cooperatives, public power utilities and smaller utilities to elevate the security posture of all distribution utilities;
  • Aligning investment incentives with system needs;
  • Reducing regulatory obstacles to utility investment, and,
  • Deploying new metrics for assessing a system’s security performance.

“It is clear that action is needed to reduce the likelihood and impact of a cyberattack on the nation’s distribution grid, and this report provides concrete steps towards ensuring a more resilient grid,” said Mark James, project lead and assistant professor with the Vermont Law School. “Our research identifies pathways for utilities and utilities commissions to reduce existing barriers to investment and increase system resilience.”

Richard Mroz, Protect Our Power’s senior advisor for state and government relations, former president of the New JerseyBoard of Public Utilities and former chairman of the National Association of Regulatory Utility Commissioners’ Critical Infrastructure Committee, said the study offers valuable insights into a complex problem that is rife with confusion and cost challenges.

“As a former state regulator, I know how difficult it can be to strike the right balance between the need for new investments to protect critical infrastructure and the potential cost to electric ratepayers,” Mroz said. “This report highlights the clear challenge for industry and regulators but also case studies of how this challenge is being met to secure the grid.”

Mroz said he hopes this report will give regulators confidence that the necessary investments can be made prudently.

Protect Our Power commissioned the study in June 2018. The goal is to help identify a pathway, or model approach, that state electric utility commissions and their utilities can use to facilitate timely grid upgrades, including appropriate financial options for equitably sharing the costs of upgrades.

The IEE team conducted its research by: reviewing utility commission dockets and orders; analyzing state statutes and regulations; evaluating cybersecurity policies; and, interviewing representatives of investor-owned utilities, national trade organizations, public utility commissions, information security officers and others. The report will be shared with NARUC, state utility commissions and electric industry representatives and organizations.

The IEE team soon will begin Phase Two of the research project, designed to develop model regulations and policies that could be used by states to help bring a higher level of consistency to regulatory approaches nationally, still allow individual states the flexibility to address local issues.

SHARE

LEAVE A REPLY

Please enter your comment!
Please enter your name here