For the past nine months, the Center for the Study of the Presidency and Congress (CSPC) has conducted a series of senior-level roundtables throughout the country to address one of our nation’s most pressing and vexing infrastructure problems: how to secure the electrical grid from physical and cyber risks. I was fortunate to participate in four of the eight roundtables covering wide-ranging topics such as smart grid, cyber threats, information sharing, geomagnetic storms, and public-private partnerships.
On July 15, CSPC released “Securing the U.S. Electrical Grid,” which contained 12 key recommendations:
- The case for electrical grid security must be built through a comprehensive, strategic, risk-based approach.
- The Obama Administration should continue to pursue actions that facilitate grid security and critical infrastructure security.
- Congress must act to codify structures for cyber security information sharing.
- Exchange programs should be developed to allow government employees to temporarily work at private sector utility companies and vice versa.
- Where possible, security information sharing should be an automated process.
- The business model for further electrical grid security investments must also include private sector actors, such as the insurance industry and the financial sectors.
- The Department of Energy should continue its role as the “Sector-Specific Agency” for electrical grid security.
- Grid security must be better understood in conjunction with the other critical infrastructures and supply chain on which the grid relies.
- Congress must explore options to better coordinate oversight and grid-related legislation.
- Government and the utility industry should seek to build public-private partnerships for improved grid resilience and security.
- State resources, especially the National Guard, should be integrated into grid security planning.
- Unresolved questions about the implementation of smart grid, microgrid, and the shift to renewable generation require further examination with an eye toward grid security and reliability.
On the whole, this is a great set of recommendations informed by leading thinkers from the public and private sector. While the study is biased toward federal actions, there is ample discussion of grid modernization, the changing utility business model, and the critical roles of key stakeholders in creating incentives to invest in security and resilience.
I was particularly happy to see that the study recognizes how smart grid technology can bake security in, provided it is designed with security in mind. However, I don’t think the report gave enough attention to the important role that states play in approving rate cases that enable investor-owned utilities to recoup investments in security and resilience. Without a conscious and informed approach, rate cases in front of state public utility commissions (PUCs) may be decided in an inconsistent or ad hoc manner.
At the end of the day, the security of the U.S. electrical grid is largely in the hands of the private sector that owns, operates, and maintains the grid. While regulations and federal actions are needed to protect the security and economic interests of the nation, a key role of government is to partner with the private sector for mutual benefit and help remove the barriers that inhibit grid security and resilience.
During the CSPC Electrical Grid and Cybersecurity Event on the Hill on Tuesday, former Governor and Homeland Security Secretary Tom Ridge put it best by repeating a key point taken directly from the report: “Resorting to a regulatory hammer is likely to hamper these efforts and reduce trust between utilities, their regulators, and policymakers.”