CSG Webinar: Addressing Cybersecurity Threats in the Smart Grid
On April 26, CSG held a webinar with policy experts from the Edison Electric Institute on addressing cybersecurity threats in the Smart Grid. EEI is the largest association of U.S. investor-owned utilities and its members provide roughly 70 percent of the nation’s electricity. The webinar’s presenters featured Chris Eisenbrey and Scott Aaronson who are policy experts that focus on Smart Grid issues and policy development.
The first presentation gave an overview of the current limitations of the existing electric grid, which the industry refers to as “intellectually challenged” because it has limited situation awareness to monitor and report outages, limited capability to rectify problems, and it cannot communicate important pricing or energy usage information. A “smarter” grid will potentially:
- Offset future infrastructure costs and improve productivity of the grid;
- Support environmental policy improvements by more easily integrating renewables into the grid and improve energy efficiency; and
- Provide customers with more information to optimize energy usage;
Federal funding through stimulus awards and guidance from agencies like the Department of Energy and the Federal Energy Regulatory Commission (FERC), as well as state implementation of smart meter adoption, have proven to be critical in getting Smart Grid from the concept phase to deployment. EEI believes that Smart Grid policy focus will shift to the state level to address potential privacy and accuracy concerns raised by customers with smart meters, regulatory issues with rate recovery with the new meters, and expanding “opt-out” initiatives by customers that do not wish to switch from analog meters. For more information about EEI’s perspective on Smart Grid issues, please visit: SmartGrid.eei.org
The second presentation highlighted EEI’s objectives with potential federal legislation on cybersecurity issues and trends to monitor on a state-level. Two key points were driven home: utilities are the only industry that has mandatory and enforceable cyber standards and any new legislation passed should be limited in scope that provides new emergency authority only when imminent threats could impact critical infrastructure. From the electric utility perspective, all critical infrastructure sectors should be covered because of their interconnectedness on the grid and more information sharing needs to take place between the government and industry stakeholders. An overview was given of the suite of bills being considered by the House of Representatives and the Senate, and EEI provided policy analysis as well prognostications of its potential success. A key observation was made that there was significant wrangling in Congress, especially in the Senate, over creating new federal jurisdiction for cybersecurity especially when the Department of Homeland Security recently conducted an exercise on a hypothetical attack and did not bother to include the other federal agencies actually responsible for electricity reliability. Despite a lack of new federal legislation, the industry is working with agencies and regulators to conduct self-assessments of their system vulnerabilities and pilot projects to equip grid operators with more national security information. From EEI’s perspective, state regulation and enforcement is a “mixed bag” as there is an inherent tension with independent regulators like Public Utilities Commissions that raise very legitimate and serious concerns regarding the economic cost associated with deploying Smart Grid technology.
Addressing Cybersecurity Threats in the Smart Grid