The threat of an attack on our nation’s power grid is the “new normal,” according to Caitlin Durkovich, formerly Assistant Secretary for Infrastructure Protection. “It’s not a matter of if, but when. We have to continue to get smarter and better about what we are doing.”
Durkovich and other high-profile panelists discussed how the electric industry could take cybersecurity to the next level at the Energy Times’ Empowering Customers and Cities conference last week.
She joined David Velasquez, president and CEO of Pepco Holdings; Brad Luyster, director of business development at IPERC; and Philip Jones, commissioner at Washington UTC. Durkovich, now a director at Toffler Associates, warned about the need to stay vigilant but also said that she was encouraged by the current efforts within the Department of Homeland Security to keep the grid safe. "Cybersecurity is apolitical," she said.
Velasquez, whose utility serves the nation’s capital, stressed the importance of partnerships to help counter attacks. He gave an example of an incident that happened in the Pepco area a couple of years ago: “We had a transmission line that faulted at a substation close to DC. The relays took a little bit longer than expected to clear, creating a voltage depression throughout the city. Most people would see lights dim and move on but if you have sensitive equipment, you might have tripped over to your emergency generator, and phones start ringing,” Velazquez recalled. “Within 15 minutes on CNN, I get called out of a meeting and the CNN scroll talks about a power plant blowing up. It talks about ‘is this a terrorist threat?’”
Velasquez said that five years ago, that would have led to a long afternoon, but because of the advanced partnership Pepco has with the federal government, he was on a single coordination phone call within 45 minutes with the FBI, DOI, DHS, DOD, Secret Service, White House, etc.
He was able to quickly communicate that the power was not out in Washington DC and that there was no indication of a terrorist threat, that it was an equipment malfunction.
Continuous investment and innovation are also crucial to staying ahead of the threat. “We have to understand those threats that are coming at us,” Velasquez said. “It’s very important we understand what’s developing and that we learn from other incidents that have occurred.”
He said that Pepco’s key words for cybersecurity are to identify, detect, respond and recover. “So it’s not just about intelligence gathering, it’s also about how our systems are resilient and how we continue to build in that resilience.”
Pepco participates in exercises like GridEx as well as in drills with the local RTOS. The utility also holds internal drills on an ongoing basis. “We continue to look at ways to build redundancy into our system both to protect from physical and cyberattacks. We have a 24-hour security operation.”