Building Up Security
STATE REGULATORS STAY VIGILANT
Published In: EnergyBiz Magazine July/August 2012
SMART GRID TECHNOLOGY offers tremendous potential benefits to consumers and utilities alike. Improvements in reliability, efficiency, mitigating or reducing the price of electricity, and providing new products and services that give consumers greater choice and flexibility are just a few of these benefits. However, new technology means new security risks to both consumers and utilities.
Recently, author Brian Krebs, citing a May 27, 2010, FBI Intelligence Bulletin, reported that a series of hacks against smart meters over the last several years may have cost a Puerto Rico electric utility hundreds of millions of dollars annually. The FBI is concerned that cyber attacks and crimes will spread with the increase in the deployment of smart grid technology.
Stephen Flynn, professor and co-director of the Kostas Research Institute, testified at an April hearing before the U.S. House Homeland Security Subcommittee on Oversight, Investigations and Management. Interviewed after the hearing, he said of grid security, "I'm deeply concerned. So many utilities have taken advantage of tremendous technologies to support their operations, the efficiency of those operations, without really being cognizant of the degree to which those systems can be compromised and set off cascading consequences. I think virtually everybody I know outside of industry who understands the threat . . . really has a sense of doom, almost, here. It's very sobering stuff."
As smart grid technology develops, the opportunity for hackers with malicious intent increases. Any vulnerability creates the possibility that hackers could literally wreak all kinds of havoc with the grid. Furthermore, privacy of data gathered by smart meters can be compromised and increase the threat of identity theft, unauthorized access and surveillance of consumers.
Protecting the grid and consumers are important functions for state commissioners. Cyber threats pose concerns because state commissioners are responsible for ensuring that regulated utilities provide safe and reliable service. Moreover, state commissioners must ensure that any costs incurred by utilities for grid security are necessary and prudently incurred. This balancing act can be a daunting task.
To further complicate matters, several government, industry and standards-setting organizations are responsible for issuing detailed and highly technical cyber guidelines that are ever-changing. There is little, if any, coordination among these entities.
Additionally, Congress is considering several cybersecurity bills that could radically change how state commissions deal with utility cybersecurity matters. It is difficult, if not impossible, for state commissioners to stay current on everything that is emerging in the cybersecurity field.
A secure grid future rests on strategic planning, coordination between stakeholders, and implementation of best practices. The National Association of Regulatory Utility Commissioners and its Committee on Critical Infrastructure have embraced the role of acting as a central repository or hub on all matters relating to cybersecurity.
By leveraging the resources of a national organization, NARUC is uniquely situated to monitor hot topics in cyber- security, analyze guidelines and standards issued by the various responsible organizations, and cultivate beneficial relationships with federal partners such as the Departments of Homeland Security, Energy and Defense. NARUC and the committee are developing a best-practices cybersecurity primer and a publication, Questions to Ask Your Utilities, for state commissioners to use as a valuable resource in providing responsible oversight.
The committee invites cybersecurity professionals to educate state commissioners and commission staff members at regular sessions during NARUC meetings. It provides commissioners and staff members with regular newsletter and conference call updates on cybersecurity topics and sponsors monthly, unclassified cybersecurity threat briefings for state commissioners and staff members. We welcome and encourage experts in the cybersecurity field to provide guidance and assist us in providing the most current information to state commissions.
The goal of these and future activities is to help state commissioners understand cyber threats and evaluate security tools so that regulated utilities can deploy adequate security measures at a prudent cost to ensure reliable service. To that end, NARUC and the committee will continue its efforts to stay on the forefront of cybersecurity issues.