Will malicious Code Crack the Grid?

Threats from cyber hackers—the curious, mischief-minded, and terrorists alike?are an increasing concern for the electric utility sector, including electric cooperatives. While computer and telecommunications technologies allow electric utilities to serve consumers more reliably and efficiently, they also open up potential gateways for “cyber-tage” of critical electric systems.



While news reports about the potential for cyber have raised public awareness about the issue, there are no documented instances of a cyber assault damaging North American power facilities. Why? In part, because utilities, including rural electric co-ops (REC), started addressing these issues years ago by working with the North American Electric Reliability Corporation (NERC), the nation’s electric grid watchdog, and federal agencies to update procedures, standards, and alerts that contribute to protecting the grid from physicial and cyber incidents as well as natural disasters. 



However, the ever-real possibility of a hacker undermining digital technologies used by utilities has Congress, the White House, and regulatory agencies considering the right balance of cyber security safeguards and emergency response initiatives. At present, federal law does not enable the government to order utilities to take steps when an imminent threat exists.



As a result, several congressional bills have emerged that would increase federal authority during emergencies to protect “critical infrastructure” like the electric grid. Co-ops argue most of these proposals go too far in expanding Federal Energy Regulatory Commission (FERC) emergency powers. FERC already has authority to instruct NERC to develop or modify reliability standards, including those focused on cyber security.



However, electric co-ops agree that in limited cases where cyber threats are so severe and close at hand that NERC cannot issue instructions to utilities in time, a federal emergency back-stop may be appropriate until the situation is mitigated, ends, or until NERC can adequately address the hazard though standards and/or alerts. Co-ops also want federal agencies to more routinely provide actionable, timely intelligence about cyber threats and vulnerabilities to utility industry experts.  



Fortunately, electric co-ops are moving forward to erect cyber defenses and fashion robust plans for addressing current and future dangers. At the same time, co-ops recognize that in a rapidly evolving cyber environment, there’s no such thing as perfect security. Risk mitigation must become an ongoing process requiring constant adaptation and evaluation.



The National Rural Electric Cooperative Association’s Cooperative Research Network (CRN), through its groundbreaking nationwide CRN Smart Grid Demonstration Project, has created the Guide to Developing a Risk Mitigation and Cyber Security Plan?a set of online tools that will help co-ops strengthen their cyber security posture with a particular focus on smart grid technologies. This effort, heralded by U.S. Department of Energy as a model for other utilities to follow (and endorsed by the head of grid security at IBM), marks the first approach to advancing cyber security at the distribution level and recognizes that electric cooperatives have pioneered a broad range of solutions to keeping electricity flowing reliably and electric bills affordable.