As substations become more technologically sophisticated, physical security and cybersecurity become more of a priority.
Based on Tri-County’s desire to have a secure and reliable system, the coop is proactively developing its cybersecurity measures in addition to its NERC program. The utility was originally registered with NERC through its generation and transmission (G&T) provider who handled the coop’s NERC requirements. In 2011, Tri-County started developing a NERC program while still being represented by the G&T provider. In May 2012, Tri-County moved from being represented by the G&T provider to becoming a registered entity with NERC.
Since then, Tri-County saw the need for developing cybersecurity measures in addition to its compliance with the NERC reliability standards. When the executive order concerning cybersecurity was issued with a corresponding request for information, Tri-County saw an opportunity to take an active role in the development of the nation’s cybersecurity framework. In addition to learning from the comment process, a team was formed to develop the coop’s cybersecurity response plan, which considers several important factors:
- The determination of CIKR on the system and understanding its role and function within the system
- The ability to monitor the CIKR and system conditions to respond quickly or identify potential cybersecurity risks
- The recognition of the roles of engineering, operations and IT in providing system security
- The development of a symbiotic relationship between engineering, operations and IT to ensure an effective and prompt response to cybersecurity conditions
- The security of information internally and a framework to define procedures for information released outside the utility
- Senior management providing emphasis of the importance of practicing the utility’s cybersecurity plan.
These factors and others that emerge during the development of Tri-County’s cybersecurity response plan will create a strong cybersecurity framework along with the CIP standards.
The Gap and Crossroads
It is easy to identify a considerable gap between the technologies of today and operational philosophies of yesterday. Current regulatory standards and practices, when effective, only provide part of the bridge that will reduce this gap. But, the potential for cybersecurity compromises and system reliability degradation are real challenges that may be enabled by the industry’s unwillingness to look forward and evolve.
Tri-County recognizes the need for a strong cybersecurity program, in addition to its NERC program, to ensure a secure and reliable system for its members. While cybersecurity plans beyond the CIP standards may not be a requirement for the industry, Tri-County recognizes the need to develop a cybersecurity response plan as a prudent and responsible step in supplying energy to its members.
It is important for the industry to understand the electric grid is at a crossroads that will determine its overall effectiveness in the future. The industry can be a keystone of this nation’s future infrastructure security.
Mike Swearingen (email@example.com) is manager of regulatory policy at Tri-County Electric Cooperative and has bachelor’s degrees in computer science and mathematics from the Eastern New Mexico University. He is a member of the IEEE Power & Energy Society, the Computational Intelligence Society and the IEEE Standards Association. He has served on the National Rural Electric Cooperative Association’s power-quality subcommittee, worked with the National Electric Energy Testing Research and Applications Center as well as the Centre for Energy Advancement through Technological Innovation, and been a member of Subcommittee 5 of the National Electrical Safety Code. Swearingen actively contributes to the Department of Energy’s Gridtech Grid Integration team, the DOE’s Grid Engineering for Accelerated Renewable Energy Deployment as an independent merit reviewer, and the DOE’s Energy Efficiency and Renewable Energy in establishing a T&D system R&D road map.
Joe Weiss (firstname.lastname@example.org) is a managing partner at Applied Control Solutions and an expert on cybersecurity of industrial control systems (ICS). He spent more than 14 years at the Electric Power Research Institute and is a member of several international standards organizations on ICS cybersecurity. He has authored two books, several book chapters and more than 60 articles, as well as testified to several congressional committees. Weiss is an ISA fellow and an IEEE senior member, and he chairs the annual ICS Cyber Security Conference.
Applied Control Solutions| http://realtimeacs.com
National Institute of Standards and Technology
North American Electric Reliability Corp.| www.nerc.com
Tri-County Electric Cooperative| www.tri-countyelectric.coop