Electric utilities have been focused on improving the safety and reliability of the complex and dynamic electric grid for years, testified Sue Kelly, president and CEO of the American Public Power Association at a Senate Energy and Natural Resources Committee hearing today. Kelly testified on behalf of investor-owned, cooperatively owned, and publicly owned utilities, as well as independent generators and Canadian utilities. The industry's top priority is to protect critical power infrastructure from cyber and physical threats by partnering with all levels of government and sharing critical information, she said.
"Keeping the lights on for customers is of paramount importance to electric utilities. Because electricity is produced and consumed instantaneously and follows the path of least resistance, ensuring reliability and grid security is a collective affair," said Kelly.
The hearing, "Keeping the Lights On — Are We Doing Enough to Ensure the Reliability and Security of the U.S. Electric Grid?" was convened by the Senate Energy and Natural Resources Committee headed by Sen. Mary Landrieu (D–La.), with ranking member Sen. Lisa Murkowski (R-Ala.).
Kelly explained the robust measures electric utilities already have in place to address physical and cybersecurity and outlined how these measures have remained responsive to evolving threats over the years.
Recent media reports profiled attacks on physical infrastructure including the incident at Pacific Gas and Electric's Metcalf substation in California. While electric utilities take this incident seriously, the notion that media stories have spurred action on grid security is inaccurate, Kelly noted. Well before the media reports, government and industry initiated a series of briefings across the country to help utilities and local law enforcement learn more about the Metcalf attack and its potential implications.
On March 7, 2014, the Federal Energy Regulatory Commission (FERC) directed the North American Electric Reliability Corporation (NERC) under Section 215 of the Federal Power Act (FPA) to submit proposed reliability standards on physical security of critical assets within 90 days. Investor-owned, cooperatively owned, publicly owned utilities, and other industry stakeholders are participating in the NERC process to develop this important standard.
The key to electric utility physical security is a "defense-in-depth" approach, which relies on resiliency, redundancy and the ability to recover, should an extraordinary event occur, Kelly said. The industry applies a similar "defense-in-depth" approach to cyber-security to ensure a quick response if an attack occurs. As there are more than 45,000 substations in the United States, prioritizing the most critical assets and focusing security planning on them is very important, explained Kelly. She noted that cybersecurity must be an iterative process, as the nature of threats constantly evolves.
Cybersecurity of the electric grid can be enhanced by improving information sharing between the federal government and industry, emphasized Kelly. The Electricity Sub-sector Coordinating Council (ESCC), a public/private partnership between the utility sector and the federal government, plays an essential role in coordination and information sharing. The ESCC has representatives from electricity trade associations, utilities and regional transmission organizations.
"The only way industry participants on the ground can truly protect against an event is to be aware of a specific threat or concern. They know which of their assets are critical. They know what they need to do to protect against the majority of physical and cyber threats," explained Gerry Cauley, CEO of the North American Electric Reliability Corporation who also testified at the hearing. "However, if the government is aware of a specific threat, communicating that information to those individuals on the front lines is important. This communication differs from providing public access to sensitive information, but is an essential component of security protection," he added.
Others who testified were Cheryl LaFleur, FERC acting chair; Colette Honorable, National Association of Regulatory Utility Commissioners president; and Phil Moeller, FERC commissioner.