Regulators and utilities should collaborate more to address cyber threats.
Andy Bochman, the principal of Bochman Advisors, has extensive experience in energy sector security. This article represents the author’s views and not those of his clients.
For the most part, the relationship between a utility and a regulator has been defined as one where one side feels obligated to review and the other to prove a certain position. The regulators and the utilities are comfortable living in a world of slow-changing rules, whether related to rate-setting, forecasting demand, promoting energy efficiency, quality and reliability, etc.
However, the electric sector is changing, and that change is making reliability more challenging than ever. From observing the industry's angst, one might imagine that electric utilities are the only ones that need to pay attention to new challenges brought by rapidly changing technology. Both sides - the utility and the regulator - seem unsure exactly how to deal with the ostensibly new concept of cybersecurity.
When we talk about grid cybersecurity in this article, we're primarily referring to the security of the electric grid - whether wholesale or retail. But when you think about it, the same principles, to a greater or lesser extent, apply to all types of utility service providers, and most if not all types of businesses and public entities, as almost every organization these days is enabled by technology.