1. Electricity and Security
November 2020
Legislative advertising paid for by: Association of Electric Companies of Texas
1005 Congress, Suite 1000, Austin, TX 78701 • 512-474-6725 • www.aect.net
2. Keeping the Electric Grid Reliable
Electric utilities must balance electricity costs with
reliability initiatives
The most effective way to reduce likelihood of a
protracted outage: comprehensive emergency
plans to restore the grid
3. Resistance Vs. Response
o Each of the varied facilities that comprise the
electric grid faces many threats to its
reliable operation
o Utilities must weigh the risk and the
likelihood of each threat and the most
effective, appropriate response to limit
outages
o The complexity of the electric grid is part of
its strength, allowing for greater reliability
and more effective recovery
o The focus of utilities is to quickly respond to
each threat, by having protocols and
replacement parts in place to recover critical
systems
4. Avoiding Gold-Plating
o The basic purpose of utility rate regulation is
to balance the needs of the customer and
the utility
o In simple terms, regulators set a limited
rate-of-return that utilities can attempt to
reach through efficient operations
o Utility investments must be deemed prudent
and meet “used and useful” standards
o Thus, utilities are not guaranteed cost-
recovery for every investment
Gold-Plating:
Accumulating excessive
capital under rate-of-
return regulation
5. Physical Threats: Storms, Animals, Facility Attacks
Avoidance and Preparation
o Promote Awareness: Utilities, national, state and local governments and agencies warn
residents of impending storms, including hurricanes, tornadoes and major ice storms
o Develop Mitigation Strategies: Utilities implement protocols to reduce likelihood of
electrocution from downed lines
o Harden Facilities: Utilities promote robust construction to allow for quick recovery and
look for opportunities to cost-effectively harden systems, such as through undergrounding
lines, animal guards and security drills
o Maintain Backup Equipment: Strategically position replacement parts and facilities to
quickly rebuild where needed
Response in Case of Major Outage
o Use the Advanced Grid: Advanced systems allow utilities to pinpoint outages
o Coordinate: Utilities coordinate with DPS, DHS and other agencies to minimize recovery
time and reduce injury from downed power lines
o Restoration and Cooperation: Utility work crews rebuild and restore, often with
assistance from other utilities nationwide
6. Technology Threats: Cyber Attacks and Infiltration
Avoidance and Preparation
o “Good Cyber Hygiene”: Maintain best practices, share information with other utilities and
hold regular briefings to avoid human error, such as clicking on a malicious email or
installing Trojan horse software
o Ongoing Briefing and Communications: Communicate with federal agencies regarding
grid hacking activities
o Investment: Major hardware and software investment specifically aimed at identifying
cyber attack activity, plus investment in cyber security divisions staffed by personnel with
financial industry and military backgrounds
Response in Case of Major Outage
o Mitigation: Ensure systems can be segmented from one another to limit the impact of a
cyber attack
o Recovery: Ensure critical facilities are primed for backup and quick recovery
o Restoration, Cooperation and Recovery of Systems: As with other types of outage,
utility systems are designed to be restored and rebuilt through robust systems and
cooperation with government entities
7. Magnetic Threats: Solar Flares and Nuclear Detonation
Avoidance and Preparation
o Awareness: Utilities communicate with NASA and NOAA regarding geomagnetic
disturbances and DOD and DHS regarding the potential launch of a nuclear device by a
terrorist state or agent
o Mitigation: Utilities review designs, processes and procedures to improve grid
responsiveness in case of a magnetic disturbance
o Drills: As with preparing for other large-scale outage events, utilities hold regular drills to
improve response time
Response in Case of Major Outage
o Preparation: Continue work with utilities and associations nationwide to determine best
practices for hardening against magnetic disturbances
o Recovery: Determine critical infrastructure that can be recovered quickly to rebuild the
grid in case of a magnetic disturbance or attack
o Putting the Grid Back Together: Continue focus on robust systems and inventories of
assets to aid in recovery
8. NERC Protocols and Governance
• Threat Prioritization – impact ratings (high, medium and low)
• Management Controls
• Personnel and Training
• Electronic Security Perimeter, Physical Security, and Systems Security
• Incident Reporting and Response
• Recovery Plans and Information Protection
NERC: Sets cybersecurity protocols and standards for the electric
industry
• NERC, DOE, DHS, FERC
• Electricity-Information Sharing and Analysis Center (E-ISAC)
Electricity Subsector Coordinating Council
9. Ongoing Activities Supporting Grid Threat Mitigation
Response to Major Outage Threats
o ERCOT Grid Resilience Working Group is currently assessing major threats and
response strategies
o GridEx is an industry-wide exercise assessing grid readiness in case of physical or
cyber attack
o DOE developed a draft National Transformer Strategy in 2015
o NERC and FERC guidance on cyber security practices and supply chain security
Response to Physical Threats
o NERC requires utilities to hold annual drills to respond to major storm outages
o Utilities must comply with Presidential Policy Directive 8 on “National Preparedness”
Protection against Technology Threats
o DHS Electric Sector Information Sharing and Analysis Center gathers industry information on cyber threats to promote best practices
o DHS National Cyber and Communications Integration Center works with utilities; federal, state and local governments; and law enforcement
to assess and prepare for cyber threats
o Utilities must comply with Presidential Policy Directive 21 on “Critical Infrastructure Security and Resilience”
o EEI Electricity Subsector Coordinating Council works with federal agencies to assess current activities and develop strategies to reflect current
threats
Mitigation of Magnetic Threats
o DOE and EPRI Joint Electromagnetic Pulse Resilience Strategy is ongoing
o DHS EMP Protection Guidelines developed in 2014
o FERC GMD Reliability Standards Rulemaking Process is ongoing
o DHS Solar Storm Mitigation forecasting, to be completed in coordination with NASA and NOAA in 2016
Utilities, working with federal and
state energy agencies, constantly
seek opportunities to improve
coordination and preparation for all
types of threat that could result in a
major outage