WASHINGTON, April 15, 2019 /PRNewswire/ -- Cost recovery for
electric sector cybersecurity investments is a critical component
in ensuring that utility companies make key investments to protect
the U.S. electric grid from cyberattacks, according to a new
study.
The study, conducted by the Vermont Law
School's Institute for Energy and the Environment (IEE) for
the non-profit group Protect Our Power, also concludes:
- Many systems have not invested sufficiently in
cybersecurity;
- There is a lack of uniformity of regulatory oversight;
- Improved sharing of confidential information on utility
security practices between utilities and regulators is needed,
and
- Resilience metrics are needed to strengthen the electric
distribution grid against cyberattacks.
The report, "Improving the Cybersecurity of the Electric
Distribution Grid," identifies the status of efforts and ongoing
challenges to addressing the growing risk of a cyberattack on the
electric grid. It also presents best practices that state electric
utility commissions and their regulated utilities can use to
increase investments to enhance grid security. It includes case
studies of actions taken in California, Connecticut, Florida, Michigan, New
York and other states to enhance cybersecurity.
The report comes amid another wave of warnings from the U.S.
intelligence and defense communities that threats to critical
infrastructure, and especially to the electric grid, grow more
serious. Russia, for example, is
known to have hacked into power plant industrial control systems
and, according to the Worldwide Threat Assessment of the U.S.
Intelligence Community, "Moscow is mapping our critical infrastructure
with the long-term goal of being able to cause substantial
damage."
The study, conducted by IEE researchers over the past eight
months, identifies several key areas where action is needed,
including:
- Improving protections for confidential information shared
between utilities and regulators regarding vulnerabilities and
plans to address them;
- Improving the frequency and quality of utility commission
engagement with cooperatives, public power utilities and smaller
utilities to elevate the security posture of all distribution
utilities;
- Aligning investment incentives with system needs;
- Reducing regulatory obstacles to utility investment, and,
- Deploying new metrics for assessing a system's security
performance.
"It is clear that action is needed to reduce the likelihood and
impact of a cyberattack on the nation's distribution grid, and this
report provides concrete steps towards ensuring a more resilient
grid," said Mark James, project lead
and assistant professor with the Vermont Law
School. "Our research identifies pathways for utilities and
utilities commissions to reduce existing barriers to investment and
increase system resilience."
Richard Mroz, Protect Our Power's
senior advisor for state and government relations, former president
of the New Jersey Board of Public
Utilities and former chairman of the National Association of
Regulatory Utility Commissioners' Critical Infrastructure
Committee, said the study offers valuable insights into a complex
problem that is rife with confusion and cost challenges.
"As a former state regulator, I know how difficult it can be to
strike the right balance between the need for new investments to
protect critical infrastructure and the potential cost to electric
ratepayers," Mroz said. "This report highlights the clear challenge
for industry and regulators but also case studies of how this
challenge is being met to secure the grid."
Mroz said he hopes this report will give regulators confidence
that the necessary investments can be made prudently.
Protect Our Power commissioned the study in June 2018. The goal is to help identify a
pathway, or model approach, that state electric utility commissions
and their utilities can use to facilitate timely grid upgrades,
including appropriate financial options for equitably sharing the
costs of upgrades.
The IEE team conducted its research by: reviewing utility
commission dockets and orders; analyzing state statutes and
regulations; evaluating cybersecurity policies; and, interviewing
representatives of investor-owned utilities, national trade
organizations, public utility commissions, information security
officers and others. The report will be shared with NARUC,
state utility commissions and electric industry representatives and
organizations.
The IEE team soon will begin Phase Two of the research project,
designed to develop model regulations and policies that could be
used by states to help bring a higher level of consistency to
regulatory approaches nationally, still allow individual states the
flexibility to address local issues.
About Protect Our Power
Protect Our Power is a not-for-profit organization designed to
build a consensus among key stakeholders, decision-makers and
public policy influencers to launch a coordinated and adequately
funded effort to make the nation's electric grid more resilient and
more resistant to all external threats. The national program must
also ensure establishment of an enhanced power restoration and
recovery component for all grid operations that would include
communications protocols to protect the American public. Protect
Our Power has a highly-experienced staff and 25-member Advisory
Panel representing a broad cross-section of grid-related
disciplines. POP is singularly and uniquely positioned as a
non-partisan, unbiased thought leader able to serve as a convening,
moderating, action-oriented voice.
About Vermont Law School
Vermont Law School, a private,
independent institution, is home to the nation's largest and
deepest environmental law program. VLS offers a juris doctor
curriculum that emphasizes public service in four master's degree
and four post-JD degree programs.
View original content to download
multimedia:http://www.prnewswire.com/news-releases/urgent-need-to-support-prompt-cost-recovery-for-cybersecurity-investments-in-electric-grid-vermont-law-school-study-300831675.html
SOURCE Protect Our Power