New Energy Infrastructure Legislation Confirms Need to Enhance Information Exchange for a More Secure Grid
By Richard Mroz, former president, NJ Board of Public Utilities, and former Chairman, NARUC Critical Infrastructure Committee
The Energy Infrastructure Protection Act introduced in Congress last week by Senators Lisa Murkowski (R-AK) and James Risch (R-ID) caught Protect Our Power’s attention for two reasons:
- The legislation would provide an enhanced and more secure flow of critical information between electric utility companies and their regulatory agencies; and,
- The issue of confidential information sharing was a central element of a report Protect Our Power sponsored with Vermont Law School’s Energy and Environment Institute and issued last year.
The focus of the Energy Infrastructure Protection Act confirms that the issues examined by Vermont Law School are central to improved cybersecurity in the electric sector, whose delivery of reliable electric power is essential to the functioning of our modern, manufacturing-based, high-tech economy. Electricity is what drives our businesses and supports one of the world’s highest standards of living.
Protect Our Power and Vermont Law School launched the two-phase study two years ago to identify state-level gaps in electric sector cybersecurity, and to identify model legislative and regulatory approaches to closing those gaps that could be used across the country.
When we released Phase 2 of the report last November — before the coronavirus pandemic — few of us would have guessed that just three months later we would all experience what a major societal disruption is like. It is my hope and expectation that, as Americans emerge from the pandemic in coming months, elected officials and utility regulators across the U.S. will take a closer look at the Protect Our Power/Vermont Law School report and act on its findings with urgency.
During my tenure as president of the New Jersey Board of Public Utilities and, in a related role, as Chairman of the Critical Infrastructure Committee established by the National Association of Regulatory Utility Commissioners, I heard frequently about the challenges that electric utilities face in securing approval for, and then recouping their investment in, cybersecurity measures. Part of that challenge was how to exchange key proprietary or competitive information in a totally secure and confidential manner.
As the Protect Our Power/Vermont Law School report notes, “The movement of confidential information is a critical element in improving the cybersecurity posture of utilities and broadening the institutional capacity of regulators.” The report found that utilities might want to provide key information to regulators, and that failing to do so was hampering the response to emerging cybersecurity threats. It also found that utilities have legitimate concerns about meeting strict compliance laws and ensuring that data collected by regulators does not itself become a target for hackers.
The Protect Our Power/Vermont Law School report highlights how utilities and their regulators in several states are beginning to meet these types of challenges, which must be overcome in order to enhance the protection of our critical infrastructure, especially the electric grid.
Specifically, the report identifies how states and state utility commissions can use existing tools to break down barriers that leave the electric distribution system vulnerable to disabling attacks. The report examines state statutes, regulations, and utility commission orders from more than two dozen states, including California, Florida, Iowa, Michigan, New York, and Pennsylvania. Building on initiatives and experiences in those states, the report provides substantive examples and relevant recommendations on how improved efforts at the state level can significantly enhance the security and resilience of our electric grid.
The degree to which the electric sector is at risk was underscored on May 1st when President Trump signed an Executive Order to better protect the electric grid from attacks and infiltration by foreign adversaries. The issuance of this Executive Order is proof positive that the grid is under attack and much work needs to be done — and fast — to better secure and protect America’s power supply.
The numerous findings and recommendations in Phase 2 of the Protect Our Power/Vermont Law School report provide specific actions that can be taken in both the short- and long-term to get us moving in the right direction.
Rick Mroz