Electric Grid Resilience: Meeting the FERC Definition

by Steven T. Naumann, former Vice President, Transmission and NERC Policy, Exelon

Resilience as a concept has been around for centuries, and many different definitions have been used. Different types of critical infrastructure, for example, have their own definitions.

In the utility industry, however, resilience as a practice takes on a critical role in ensuring the security and robustness of our electric grid, the lifeblood of our economic and social system. As such, the Federal Energy Regulatory Commission (FERC) has proposed a definition of resilience specific to its grid oversight role:

“The ability to withstand and reduce the magnitude and/or duration of disruptive events, which includes the capability to anticipate, absorb, adapt to, and/or rapidly recover from such an event.”

In this detailed definition, each element of resilience is important and, as we have seen by the impact of Covid-19 on the health care system, a weakness or failure in any element of resilience can be disastrous. In the context of the electric grid and cybersecurity, each element of the FERC definition is essential.

The electric power industry has decades of experience in recovery from natural events, such as severe storms, and has in place mutual assistance agreements whereby unaffected utilities send personnel to those areas hit by storms to assist in restoration.

Utilities also maintain stocks of spare equipment to recover from natural events and equipment failures and have in recent years increased some stockpiles of critical equipment. They have also created equipment-sharing agreements between utilities in order to support their mutual ability to recover quickly from unlikely, but credible, events such as physical attacks.

Replacing or repairing grid equipment seems simple but, in reality, during a widespread natural or man-made grid disaster, some types of equipment generally may not be available for purchase “off the shelf,” nor located in close proximity to where they are actually needed. For example, in some cases, specialized transformers or circuit breakers may even have to be manufactured, a process that can take 12 – 18 months and often occurs outside the United States. Hurricane Harvey in Houston and Superstorm Sandy in New Jersey and New York provide stark illustrations of power-restoration challenges that involved lengthy delays in accessing some categories of equipment.

The precautions that are being taken by the utilities regarding the availability of long-lead-time equipment, and the lessons learned from actual experience, also support responding to a cyberattack, which could disable different types of equipment or systems remotely and digitally. The utility industry’s Electricity Subsector Coordinating Council leads the industry work in this area, in conjunction with senior government officials, and has formed a Cyber Mutual Assistance Program.

But, as we have seen during the Covid-19 pandemic, severe shortages of routine supplies, such as personal protective equipment, can result when a major event occurs that affects many entities at the same time. The manufacturing capability simply does not exist, even for routine supplies, when demand escalates by orders of magnitude in a very short time. This situation is exacerbated by the fact some routine equipment either is manufactured outside of the U.S. and/or is dependent on a global supply chain. This can result in not only shortages of equipment, but also in price gouging or having foreign countries reduce or block exports to fulfill their own needs or political objectives.

In the event of a large-scale cyberattack on the electric grid, or worse yet a continent-wide or multinational attack, critical grid equipment such as digital protective relays could be damaged or destroyed. In such a situation, there likely would not be sufficient equipment available “off-the-shelf” to complete grid restoration, and the demand for new equipment would likely overwhelm existing manufacturing capability.

Therefore, similar to programs to procure and stockpile long-lead-time equipment, the utility industry, with the support of regulatory agencies, should consider further increasing stocks of critical cyber-related grid equipment, even though some or most of that equipment does not have long lead times under normal conditions.[1]

A good starting point would be for FERC and/or DOE, working with the utilities and state regulatory commissions, to articulate a policy supporting procurement of additional cyber protection equipment, and clarifying any financial approvals or accounting issues to ensure that utilities know that their investment in this spare equipment can be capitalized.

Since federal and state electricity regulators across the nation expect utility companies to engage in long-term planning and risk mitigation, it seems fair and prudent for those regulators to support critical equipment programs that can clearly help utility companies better prepare for the inevitability of cyberattacks, and be capable of restoring power more quickly and cost-effectively following a major power outage.

After all, doing so would help the utilities meet the FERC definition of “resilience.”

[1] The industry also could build on its equipment sharing programs for large power transformers, such as STEP, Grid Assurance and RESTORE.

Steve Naumann

Author Bio