Public Utilities Reports

PUR Guide 2012 Fully Updated Version

Available NOW!
PUR Guide

This comprehensive self-study certification course is designed to teach the novice or pro everything they need to understand and succeed in every phase of the public utilities business.

Order Now

Gridlock in 2030?

Policy priorities for managing T&D evolution.

Fortnightly Magazine - January 2012

the roles of public and private networks. Resolution of the former debate rests with the FCC, while opportunities for both public and private networks likely will exist unless the regulatory environment treats them unequally.

As Figure 4 indicates, cybersecurity involves more than protecting against attacks. In fact, as communications systems expand into every facet of grid control and operations, their complexity and continuous evolution will preclude perfect protection from cyber attacks. Response and recovery, in addition to preparedness, will thus be important components of cybersecurity, and it’s important for the involved government agencies, working with the private sector and publicly owned utilities in a coordinated fashion, to support the research necessary to develop best practices for response to and recovery from cyber attacks on transmission and distribution systems, and to deploy those practices rapidly and widely.

NERC is responsible for cybersecurity standards development and compliance for the bulk power system, but no entity has comparable nationwide responsibility for distribution systems. State PUCs—which generally are responsible only for investor-owned distribution systems— generally lack cybersecurity expertise, and the same is true of municipal utilities, cooperatives, and other public systems. While the consequences of a successful attack on the bulk power system are potentially much greater than an attack at the distribution level, the boundary between transmission and distribution has become increasingly blurred, and distribution level cybersecurity risks deserve serious attention. NIST is facilitating the development of cybersecurity standards broadly, but it doesn’t have an operational role. Thus no agency currently has responsibility for cybersecurity across all aspects of grid operations.

This is a serious problem, and we strongly recommend that a single federal agency be clearly given responsibility for working with industry as well as appropriate regulatory authority to enhance cybersecurity preparedness, response, and recovery across the electric power sector, including both bulk power and distribution systems. This might require new legislation, and legislative proposals designating either a combination of FERC and DOE or the Department of Homeland Security (DHS) have recently been advanced. Once a lead agency has been designated, it should take all necessary steps to ensure that it has appropriate expertise by working with NERC and other relevant federal agencies, as well as state PUCs, public power authorities, and such expert organizations as IEEE and EPRI.

With the collection, transmission, processing, and storage of increasing amounts of information on customer electricity usage also comes heightened concern for protecting the privacy of that information. Deciding who has access rights to these personal data and ensuring consumers’ privacy will be important considerations in the design and operation of grid communications networks. The complex issues involved are being actively debated in several states. Coordination across states will be necessary to mitigate concerns of companies that operate in multiple jurisdictions, and the concerns of their customers, as data on both companies and their customers regularly cross state boundaries.

Challenges Ahead

Despite alarmist rhetoric, the U.S. electric grid is not in crisis, but complacency would be unwise. Significant opportunities and challenges loom, and between now and 2030 the grid will inevitably undergo major changes. If the