The U.S. electric grid is increasingly dependent on the internet for operations, and as a result it is also increasingly susceptible to cyberattacks. It doesn’t take much imagination to see how such attacks might cripple a broad swath of the U.S. economy. When U.S. military planners developed their first air war plan for defeating Axis powers in the summer of 1941, Germany’s electric grid was at the top of the target list.
A well-constructed cyberattack against the grid might not do as much physical damage as bombs, but it would likely be highly effective at cutting off electricity to hospitals, banks, factories and other critical assets. U.S. utilities have been slow to awaken to this danger, but now they must direct significant resources to enhancing cybersecurity.
The Federal Energy Regulatory Commission manages the cybersecurity standards for the bulk power system, which includes facilities and control systems necessary for operating the interconnected grid. However, investor-owned utilities operate under the state public utility commissions, outside of the Federal Energy Regulatory Commission’s jurisdiction.
Cybersecurity standards are lacking in the distribution system, where electricity is delivered to customers and operated by utilities. Since utilities own, operate and generate revenue by operating power resources, they should seek and fund cybersecurity solutions to ensure equipment and electricity availability are not compromised.
Some utilities are actively pursuing cybersecurity efforts. For instance, Baltimore Gas and Electric conducts regular drills and shares information related to cyber threats it encounters with industry and government partners.
In addition, Duke Energy has a corporate incident response team and security professionals devoted to cybersecurity 24 hours a day. This utility works closely with local, state and national emergency management and law enforcement after cybersecurity incidents.
Other utilities may not have the rate base to fund cybersecurity initiatives. Minimum cybersecurity standards need to be created by public utility commissions in every state to ensure that electricity availability is guarded.
Public utility commissions play a powerful role incentivizing utility behavior because they decide what percentage of profits utilities can retain. They also authorize which investment costs can be passed on to customers.