Crime
A Cyber Secure Electric System
At a time of increased concern about the vulnerability of the electric grid to cyber attacks, co-ops need to create a culture of vigilance that goes beyond meeting minimum legal requirements and is based on risk management.
A recent NRECA webinar urged co-ops to create a culture of vigilance when developing cyber security plans by focusing on risk mitigation. (Photo By: Shutterstock)
That was the core message of a June 23 CEO Web Conversation, an hour-long cyber security webinar in which more than 130 co-op CEOs heard from NRECA officials. Topics included implementing safeguards and regulations and legislation awaiting action at the federal level.
“There is no question that there will be some kind of legislation,” said NRECA CEO Glenn English, one of the webinar’s three panelists, referring to cyber and grid security bills pending in the House and Senate. “The question is whether it will make sense, will it be burdensome, and will it make electricity less affordable for our members.”
The Grid Reliability and Infrastructure Defense Act has been introduced in the House; similar legislation is pending in the Senate. Both measures would grant more grid oversight to the Federal Energy Regulatory Commission and possibly undermine efforts by the North American Electric Reliability Corp., where the industry convenes to write the technical standards that keep the bulk power system reliable, said panelist Laura Marshall Schepis, NRECA Government Relations deputy director and counsel.
With regulatory and legislative decisions up in the air, the panelists urged co-op CEOs to move forward on cyber security plans, using as a starting point the Cooperative Research Network’s well-received “Guide to Developing a Risk Mitigation and Cyber Security Plan.”
Panelist Ed Torrero, CRN executive director, recommended that co-ops not use a minimal checklist approach when implementing cyber security plans. CRN developed the tools using grant funds from the Smart Grid Demonstration Project supported by the Department of Energy and 23 electric co-ops.
“This is not a safe approach to take,” said Torrero. “It’s all about managing the risk, that someone you don’t trust will be getting into your system or sending software that can be malicious to your system.”
The guide has won strong endorsements from cyber security experts for its practical, how-to approach, and has already been used by several co-ops. It starts co-ops on the complex process of building a cyber security plan.
“What we have is a tool kit that helps you establish a base and as you build on top of that, it’s in your best interest to document all the way what you’re doing to improve your overall system,” said Torrero.
The panelists also urged co-ops to document their progress while they’re developing their plans. “The bottom line is that documentation is important, even if it’s cumbersome,” said Barry Lawson, NRECA’s associate director for power delivery and reliability, who joined the webinar off-site.
“NRECA and the industry are continually working to try to minimize the documentation requirements, but we will not be able to eliminate them as it relates to NERC cyber security standards.”